I lately discovered an annoying problem with Brave. Several websites do not work, throwing CORS problems in the console for scripts. Firefox does not see any problem and works like expected, so I suspect this is something in the Brave browser. I’m not sure if Brave is too ridgid with those rules or Firefox is too lenient, or that it’s a bug in Brave.
A few examples are f.i. https://500px.com (accessing the website) or uploading photo’s to flickr.com.
As an example, logging in on f1tv (https://account.formula1.com/#/en/) gives the following error
Access to XMLHttpRequest at 'https://api.formula1.com/v2/account/subscriber/authenticate/by-password' from origin 'https://account.formula1.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
Changing settings of the shield or even turning it of does not help. For now I’ll revert to using Firefox for these sites, but it’s annoying.
It’s the same on both Windows and Linux and at least on Linux it’s the latest version 1.56.14-1.
edit brave-beta seems to work.