Steps to reproduce
- Make CORS request to URL that returns a 303 with Location header set in the response
- Observe XHR error handler called with with xhr.status === 0
The following repo illustrates the issue:
Comments and activity
- Microsoft Edge Team
Changed Assigned To to “James M.”
Changed Assigned To to “Venkat K.”
Changed Assigned To from “Venkat K.” to “Scott W.”
Not just 303. Any redirect that involves preflight 301,302,307,308. IE11 does not have the issue.
I see a similar behaviour when making an http CORS request from http origin to a domain with HSTS redirect, In other browsers the request is redirected with 307 Internal Redirect to https, but in IE11 the request is aborted without warnings or errors and in Edge there is a warning about “origin not found in Access-Control-Allow-Origin header”
Any update on this issue? We are seeing similar behavior when doing an http POST to a url that returns 307.
This is a serious problem that has a direct impact on Edge users when utilizing services that incorporate such 30x redirects and CORS preflight is involved.
Frankly, I find it disheartening that Microsoft Support has been unable to provide any form of meaningful feedback for the past few months about the state of this issue.
Edge is becoming the last of the modern browsers that does not follow these redirects properly, Mozilla managed to fix that just recently in their Firefox Nightly branch and webkit/blink based browsers handle these redirects already fine.
This issue is happening for our site as well which supports millions of users a month. IE11 isn’t an issue, nor is Firefox or Chrome. What is the solution here? How is this not a more urgent ticket for MS?