Cross-origin redirection denied by Cross-Origin Resource Sharing policy in Safari

Question

We have an api endpoint that redirects to another server. It's called via XHR and seems to work fine in most browsers, except for Safari (specifically on iOS).

The error I'm getting in the console is: Cross-origin redirection denied by Cross-Origin Resource Sharing policy

We have CORS on the page that does the redirection and on the other server. The redirection page sets:

Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false

The other server has:

Access-Control-Allow-Origin: *

How can I allow redirection in the CORS policy?

Answer 1

Enabling HTTPS on both servers has solved the problem for me.