
Cross-domain $.ajax and 302 redirection on Safari

I have a cross-domain $.ajax call set up like this:

$.ajax({
    url         : 'http://example.com/somepage',
    type        : 'get',
    crossDomain : true,
    xhrFields   : { withCredentials: true },
    success     : function(data) {
        // do something with data
    }
});

and, server side, in the vhost conf:

SetEnvIfNoCase ORIGIN (.*) ORIGIN=$1
Header set Access-Control-Allow-Origin "%{ORIGIN}e"
Header set Access-Control-Allow-Methods "post, get, put, options, patch, delete"
Header set Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header set Access-Control-Max-Age "60"
Header set Access-Control-Allow-Credentials true

This is working fine unless my http://example.com/somepage is redirecting with a 302 code to another page, http://example.com/someotherpage. In this case IE, FF, Chrome & Opera are working & returning the data from the redirected-to page, but not Safari: I can see the redirection (Safari console), but the second call after redirection is aborted.

Any ideas?

MaK asked Mar 11 '15 16:03


1 Answer

This should be a comment but I cannot comment. I hope this helps you.

A while ago we had some problems with redirections due to CORS usage in Safari.

Safari aborts the request because it does a pre-flight request before and maybe the config was/is not adequate.

I would try the following (it worked for us):

supportedHeaders: pageSuccess,pageError,pageLogin,Origin,Accept-Language,Accept-Encoding

supportedMethods: GET, POST, HEAD, PUT, DELETE, OPTIONS

exposedHeaders: pageSuccess, pageError, pageLogin

Also allow subdomains, supported credentials and allow generic http requests should be set to true.

We exposed some other info in the headers, giving values of true/false (see exposedHeaders and supportedHeaders), like ErrorPage or SuccessPage, and when these were present in the response we got them using jqXHR.getResponseHeader('erroPage') in order to perform the redirections.

Here you will find a couple of useful links:

  • http://zacstewart.com/2012/04/14/http-options-method.html
  • https://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/
  • http://software.dzhuvinov.com/cors-filter.html
  • http://enable-cors.org/resources.html

Regards.

PS. Your config seems to be almost the same as ours. There are only differences in the supportedHeaders (and of course the exposedHeaders added specially for our case).

Bladimir Ardiles answered Sep 21 '22 22:09
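
The vhost configuration in the question echoes back whatever Origin the browser sends while also setting Access-Control-Allow-Credentials, so any site can read credentialed responses. The following is an added example, not part of the original question or answer, that sends the same headers only to an allowlist of origins; the two origins and the CORS_ORIGIN variable name are constructed placeholders, and `always` is used so the headers are also attached to redirect responses that Apache generates itself.

```apache
# Added example (not from the original post). Requires mod_setenvif and mod_headers.

# Original pattern, kept here for comparison only: any Origin is reflected.
#   SetEnvIfNoCase ORIGIN (.*) ORIGIN=$1
#   Header set Access-Control-Allow-Origin "%{ORIGIN}e"
#   Header set Access-Control-Allow-Credentials true

# Constructed allowlist: replace with the origins that really need
# credentialed access. The regex is anchored at both ends so that
# look-alike hosts such as https://app.example.org.evil.test do not match.
# $0 is the whole matched Origin value.
SetEnvIf Origin "^https://(app|admin)\.example\.org$" CORS_ORIGIN=$0

# CORS headers are emitted only when the Origin matched the allowlist.
# The "always" table is also used for locally generated non-2xx responses
# (such as a 302), which the default "onsuccess" table does not cover.
Header always set Access-Control-Allow-Origin "%{CORS_ORIGIN}e" env=CORS_ORIGIN
Header always set Access-Control-Allow-Credentials "true" env=CORS_ORIGIN
Header always set Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" env=CORS_ORIGIN
Header always set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type" env=CORS_ORIGIN
Header always set Access-Control-Max-Age "60" env=CORS_ORIGIN

# The response now differs per Origin, so caches must key on it.
Header always merge Vary "Origin"
```

A request whose Origin is not on the allowlist receives no Access-Control-* headers at all, so the browser blocks the calling page from reading the response.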