Cross-Origin Request Blocked on palemoon works in edge

Talk about code development, features, specific bugs, enhancements, patches, and similar things.
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.

This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.

Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Unknow

Cross-Origin Request Blocked on palemoon works in edge

Unread post by Unknow » 2021-07-01, 17:03

Hi,

on palemoon i have:

Code: Select all

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.mangadex.org/auth/login. (Reason: missing token ‘content-type’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel).
but i can see in the response headers that all headers should be allowed:

Code: Select all

HTTP/2.0 204 No Content
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1=8klJMeL53HlI7Ehu4mdW; Domain=.mangadex.org; HttpOnly; Path=/; Expires=Fri, 01-Jul-2022 16:32:57 GMT
date: Thu, 01 Jul 2021 16:32:57 GMT
x-frame-options: DENY
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin
access-control-allow-origin: https://mangadex.org
access-control-allow-credentials: true
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE
access-control-allow-headers: *
content-type: text/plain charset=UTF-8
X-Firefox-Spdy: h2
as expected the same request works on edge.

Regards

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35478
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Cross-Origin Request Blocked on palemoon works in edge

Unread post by Moonchild » 2021-07-01, 18:04

* (wildcard)
The value "*" only counts as a special wildcard value for requests without credentials (requests without HTTP cookies or HTTP authentication information). In requests with credentials, it is treated as the literal header name "*" without special semantics. Note that the Authorization header can't be wildcarded and always needs to be listed explicitly.
So we're doing things exactly according to the specification, and Edge (chromium) does not.
Off-topic:
Please contact staff to request an acceptable forum user name.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Unknow

Re: Cross-Origin Request Blocked on palemoon works in edge

Unread post by Unknow » 2021-07-01, 20:36

hoo ok for the info i will try to ask the site to fix it then <(^ߑ^)>

thanks.

Locked