Latest update broke CORS for my webapp

billstclair · December 7, 2018, 9:56pm

Description of the issue:

I have a webapp that relies on a Cross-Origin-Resource-Sharing OPTION request being approved before it sends a request to the API server. Those OPTION request are getting a Status Code of 307 Internal Redirect. This does not happen in Chrome, Safari, or Firefox, and until the latest update, it worked correctly in Brave as well.

Steps to Reproduce (add as many as necessary):

Create an account at https://gab.com
Go go https://gabdecker.com
Click the “Login” link, enter your username and password, Get a screen with four blank columns (the “Popular” and “a” columns should have data).
Open the DevTools, and select the “Network” tab.
Click on the circular arrow icon to the left of “Popular” at the top of that column.
Note that there are two “notifications” OPTION requests, both with a “Status Code” of “307 Internal Redirect.”

Actual Result (gifs and screenshots are welcome!):

The image isn’t showing up for me. It’s at https://etwof.com/gab/brave-debugger-network-tab.png

![Brave debugger network tab](https://etwof.com/gab/brave-debugger-network-tab.png "")

Expected result:

Here’s what it looks like in Chrome (Version 70.0.3538.110 (Official Build) (64-bit)):

Image is at https://etwof.com/gab/chrome-debugger-network-tab.png

![Brave debugger network tab](https://etwof.com/gab/chrome-debugger-network-tab.png "")

Reproduces how often:

Always

Brave Version(about:brave):

Version 0.57.18 Chromium: 71.0.3578.80 (Official Build) (64-bit)

Reproducible on current live release (yes/no):

I don’t know what the “live release” is. I have only tested it in the version above.

Additional Information:

This is in MacOS High Sierra, 10.13.6 (17G65)

kxlt · December 7, 2018, 10:33pm

++

Same problem here. Disable cookie blocking from shields for a temporary workaround, but this must be solved.

billstclair · December 7, 2018, 10:38pm

Thanks for the workaround. It works for my webapp, so that’s what I’ll use until the Brave crew fixes it.

kxlt · December 7, 2018, 10:40pm

Yep, I also have a webapp with the same problem. And my boss just switched to Brave after I sang praises about it. Great, lol.

pa1nd · December 10, 2018, 9:15pm

Same issue! We are web developers and several of our apps don’t work anymore!
OPTIONS are getting 307. It seems like they don’t even reach the server.

Problem exists with servers based on node.js and also JAVA/Tomcat.

It’s a Brave bug, no?

system · January 6, 2019, 9:56pm

This topic was automatically closed after 30 days. New replies are no longer allowed.

Topic		Replies	Views
CORS Redirect Issue Desktop Support bug	2	615	December 13, 2018
CORS error - working on chrome Desktop Support bug	2	1595	February 16, 2019
Multiple websites not functioning properly (CORS error?) Desktop Support webcompat	2	2166	February 24, 2019
Cross domain problems with several sites Browser Support windows , linux	1	281	August 27, 2023
React website behaving differently in Brave (XMLHttpRequest preflight) Web Compatibility	2	3375	February 9, 2019
Log blocking activity in console Desktop Requests shields	0	1229	April 12, 2019
Extension oldredditredirect does not work for links coming from google Desktop Support bug	3	405	March 6, 2019
CORS Error on multiple sites Browser Support macos	10	6023	May 12, 2021