Intermittent cookieless requests with Sec-Fetch-Mode=cors
I'm trying to track down a problem in our (Java, Spring-based) web application, that seems to occur whenever some extra, unexpected requests arrive from Firefox, with no session cookie attached, and with some Sec-Fetch headers different from the requests before and after them:
Sec-Fetch-Dest=empty;Sec-Fetch-Mode=cors;Sec-Fetch-Site=same-origin
These requests do not appear in the Firefox developer panel, network tab, even with all requests selected.
But both the HTTP access log and a custom "log everything" filter show the above, with the same Firefox User Agent, no cookies, and no Referer header.
e.g. 9:13:12,426 DEBUG com.ibm.gs.houston.filters.RequestLogFilter:GET->http://localhost:9080/payment/pos?execution=e1s1 (null/false), headers:Host=localhost:9080;User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0;Accept=*/*;Accept-Language=en-US,en;q=0.8,es-MX;q=0.5,es;q=0.3;Accept-Encoding=gzip, deflate, br;DNT=1;Connection=keep-alive;Sec-Fetch-Dest=empty;Sec-Fetch-Mode=cors;Sec-Fetch-Site=same-origin;, cookies:
I'm looking for any ideas why Fx is sending these requests.