When I try and access a custom header from a cross-site AJAX request on Safari 5.1.4 I get the following error:
Refused to get unsafe header "x-geoip_country_code"
On Safari 8.0.7 and all other browsers I can access the header without problems.
These are the headers the server is returning for the request:
Date:Sun, 10 Dec 2017 13:07:27 GMT
Expires:Sat, 09 Dec 2017 14:55:09 GMT
Last-Modified:Fri, 08 Dec 2017 14:55:09 GMT
I have tried changing the 'X-GEOIP_COUNTRY_CODE' part of the headers to all lower case and also adding the Access-Control-Allow-Headers header, both on preflight and the actual request. (It's just a simple GET so it shouldn't actually be pre-flighted and no pre-flight request shows on Safari's Network tab, though I didn't check the server logs).
Calling getAllResponseHeaders() from the XMLHttpRequest rather than checking for my specific header only shows the standard headers.
Anyone know what the problem is? Just a bug on old Safari?