Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Why is this cross site XHR request blocked?

  • No replies
  • 1 has this problem
  • 9 views
more options

Using Firefox 83.0 on Windows 7 and Windows 10, no plugins or extensions installed.

  • I open a HTML page on server https://secure...
  • The page successfully loads lots of scripts and other resources from server https://deimos...
  • When using an XHR request to access an ODATA resource on https://deimos... the request is marked as "blocked" in DevTools, see screenshot
  • When hovering the "blocked" icon in the console, "blocked by DevTools" is displayed
  • The page works fine in Chromium based browsers (tested Edge, Chrome, Firefox)
  • The page works fine if it is hosted on https://deimos... instead of https://secure... (that's why I assume that it is some Cross-Origin issue)
  • The server provides Access-Control-* headers, see screenshot. The headers provided for the blocked XHR request are the same if I check them in the chromium based browsers.
  • There is no sign (like a pre-flight OPTIONS request) of the blocked request in the web server logs
  • Only requestr which use credentials are blocked. Other XHR-requests without credentials (like the one following the blocked request on the screenshot) seem to succeed.

I played around with the "Content-Security-Policy" meta tag in the document, with no success. For requests blocked by this policy, DevTools explicitly displayed the Content Security Policy as the reason for blocking the request.

I found lots of posts on the net concerning the Access-Control-Allow-Credentials header, also I found that for requests with credentials the Access-Control-Allow-Origin header must not return "*". IMHO those are correctly provided by my server.

Any idea of what is going wrong here? I can provide the link to access the page in a personal mail...

Kind regards Ted

Attached screenshots

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.