Not anything concrete, just memories of things not working, me looking at the JS console, seeing CORS errors, and seeing it work in Chrome, as I described. And the comment I replied to showed that it works differently between websites, namely:
if (host == "tripadvisor.com"_s || host.endsWith(".tripadvisor.com"_s))
m_needsRelaxedCorsMixedContentCheckQuirk = true;
That's a site-specific partial exemption from the same origin policy, as far as i can tell (without further context at the moment). Not a difference in how CORS works generally across Safari.
CORS is frustrating for a lot of developers as it can be tough to gain a complete understanding of the spec, and an understanding of the same origin policy is required. But implementation of the CORS spec(s) isn't notably different across modern browsers, now that IE is out of the picture. CORS was a real nightmare in IE. Microsoft even introduced an XHR cousin named XDR in IE10 to handle cross-origin requests, and it wasn't even a complete implementation of CORS.
mort96|1 year ago
upheaval7276|1 year ago
CORS is frustrating for a lot of developers as it can be tough to gain a complete understanding of the spec, and an understanding of the same origin policy is required. But implementation of the CORS spec(s) isn't notably different across modern browsers, now that IE is out of the picture. CORS was a real nightmare in IE. Microsoft even introduced an XHR cousin named XDR in IE10 to handle cross-origin requests, and it wasn't even a complete implementation of CORS.
This is a great resource to gain a more comprehensive understanding: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS