Latest update broke CORS for my webapp



Description of the issue:

I have a webapp that relies on a Cross-Origin-Resource-Sharing OPTION request being approved before it sends a request to the API server. Those OPTION request are getting a Status Code of 307 Internal Redirect. This does not happen in Chrome, Safari, or Firefox, and until the latest update, it worked correctly in Brave as well.

Steps to Reproduce (add as many as necessary):

  1. Create an account at

  2. Go go

  3. Click the “Login” link, enter your username and password, Get a screen with four blank columns (the “Popular” and “a” columns should have data).

  4. Open the DevTools, and select the “Network” tab.

  5. Click on the circular arrow icon to the left of “Popular” at the top of that column.

  6. Note that there are two “notifications” OPTION requests, both with a “Status Code” of “307 Internal Redirect.”

Actual Result (gifs and screenshots are welcome!):

The image isn’t showing up for me. It’s at

![Brave debugger network tab]( "")

Expected result:

Here’s what it looks like in Chrome (Version 70.0.3538.110 (Official Build) (64-bit)):

Image is at

![Brave debugger network tab]( "")

Reproduces how often:


Brave Version(about:brave):

Version 0.57.18 Chromium: 71.0.3578.80 (Official Build) (64-bit)

Reproducible on current live release (yes/no):

I don’t know what the “live release” is. I have only tested it in the version above.

Additional Information:

This is in MacOS High Sierra, 10.13.6 (17G65)



Same problem here. Disable cookie blocking from shields for a temporary workaround, but this must be solved.


Thanks for the workaround. It works for my webapp, so that’s what I’ll use until the Brave crew fixes it.


Yep, I also have a webapp with the same problem. And my boss just switched to Brave after I sang praises about it. Great, lol.


Same issue! We are web developers and several of our apps don’t work anymore!
OPTIONS are getting 307. It seems like they don’t even reach the server.

Problem exists with servers based on node.js and also JAVA/Tomcat.

It’s a Brave bug, no?

closed #6

This topic was automatically closed after 30 days. New replies are no longer allowed.