When I try and access a custom header from a cross-site AJAX request on Safari 5.1.4 I get the following error:
Refused to get unsafe header "x-geoip_country_code"
On Safari 8.0.7 and all other browsers I can access the header without problems.
These are the headers the server is returning for the request:
Access-Control-Allow-Methods:GET,OPTIONS Access-Control-Allow-Origin:* Access-Control-Expose-Headers:X-GEOIP_COUNTRY_CODE Cache-Control:no-cache Connection:keep-alive Content-Encoding:gzip Content-Type:application/xml Date:Sun, 10 Dec 2017 13:07:27 GMT Etag:W/"5a2aa7cd-658" Expires:Sat, 09 Dec 2017 14:55:09 GMT Keep-Alive:timeout=10 Last-Modified:Fri, 08 Dec 2017 14:55:09 GMT Server:nginx/1.13.3 Transfer-Encoding:Identity Vary:Accept-Encoding X-GEOIP_COUNTRY_CODE:US
I have tried changing the ‘X-GEOIP_COUNTRY_CODE’ part of the headers to all lower case and also adding the Access-Control-Allow-Headers header, both on preflight and the actual request. (It’s just a simple GET so it shouldn’t actually be pre-flighted and no pre-flight request shows on Safari’s Network tab, though I didn’t check the server logs).
Calling getAllResponseHeaders() from the XMLHttpRequest rather than checking for my specific header only shows the standard headers.
Anyone know what the problem is? Just a bug on old Safari?