problems with Cross Origin Resource Sharing: both OSX Safari and iOS Safari fail after preflight request

Question

Recently I come into a trouble with CORS(Cross Origin Resource Sharing) request on Safari, both OSX and iOS, while the same request works perfectly on Chrome and Firefox. I follow the documentation of W3C and handle preflight request on server side, my response is like:

HTTP/1.0 200 OK
Access-Control-Allow-Origin: http://192.168.1.96:4399
Access-Control-Allow-Methods: POST
Access-Control-Allow-Methods: GET
Access-Control-Allow-Methods: OPTIONS
Access-Control-Allow-Headers: Origin
Access-Control-Allow-Headers: Authorization
Access-Control-Allow-Headers: X-Requested-With
Access-Control-Allow-Headers: Accept
Access-Control-Allow-Headers: Access-Control-Request-Method
Access-Control-Allow-Headers: Access-Control-Request-Headers
Access-Control-Allow-Headers: DNT
Access-Control-Allow-Headers: X-CustomHeader
Access-Control-Allow-Headers: Content-Type
Access-Control-Max-Age: 0
Date: Fri, 25 Nov 2016 08:45:25 GMT
Origin: http://192.168.1.96:4399
Access-Control-Expose-Headers: Origin
Content-Encoding: gzip
Transfer-Encoding: chunked

Such response works fine on Chrome, Firefox, and Android Browser: a POST request is sent right after the preflight request. But on Safari, after server response the reflight request, I got such error message from console:

Failed to load resource: The network connection was lost.

I inspect the preflight response from server, but find it the same as above... After searching and trying so many times, I still can't make it work :-(
Is there anybody that come across the problem before? Could anyone figure out what mistake I've made?
Thanks very much in advance!

Answer 1

It's all about Safari add origin to OPTIONS request header Access-Control-Request-Headers.

So to fix it you should enable this header in Access-Control-Allow-Headers in response.

PS: see similar question CORS request not working in Safari