Chrome Geolocation Sensors Breaking CORS

Question

I have an application that is extracting lat/lng from the geolocation api and and doing some reverse geocoding against a rest api.

I used to be able to use the Chrome sensor overrides in developer tools to test various locations. However, recently the resultant AJAX call has stopped working and I am getting CORS errors even though I know that the rest api has the CORS headers set correctly. In fact when I set location to "No Override" the call works as normal.

I have setup a fiddle here to demonstrate. The url it access does not have CORS setup (I couldn't find a public echo one that did), but the behaviour can be seen.

Watch the network tab. When "No Override" is selected chrome tries to do a straight GET request. When "London" is selected, Chrome sends an OPTIONS request, this request fails whether the rest api is configured for CORS or not. Obviously, in the fiddle, all these do fail because of the api, but even a correctly configured endpoint fails with the usual header not set error.

Is this a bug or am I missing something?

$('button').on('click', function(e) {
  navigator.geolocation.getCurrentPosition(function(position) {
    var lat = position.coords.latitude;
    var lng = position.coords.longitude;
    $.get('https://postman-echo.com/get?q=' + lat + ';' + lng, function(res) {
      console.log(res.body);
    });
  });
})

<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<button>
  Click
</button>

Answer 1

Adding more to Sami's response above:

Browser sensor override was being applied for latitude, longitude, Timezone and Locale. Locale override is causing the browser request header for Accept-Language to be set.

Accept-Language: mr_IN

So alternatively, you could avoid the error by not setting a Locale override assuming you're interested in just location.

Answer 2

When using location overrides the CORS API should allow the header Accept-Language:

Access-Control-Allow-Headers: Accept-Language