In our application we have been injecting a pair of headers into requests initiated by the browser by adding a BeforeRequestLoad event handler and adding the headers to the request.
Starting in the latest version of EO.WebBrowser (21.0.18) this no longer works works when the request is a cross origin request.
I've been trying to understand why this no longer works, and one thing I've come up with is that the rules about when extra headers can be added has changed, however I'm finding it hard to verify this information and was hoping someone could provide some additional confirmation?
I did suspect that maybe the browser was failing to send preflight checks correctly for these requests because of how we are injecting the headers, but the preflight's are being sent correctly and we are getting a response that indicates the headers are not allowed.
Quote:
Access to XMLHttpRequest at 'http://domain1/' from origin 'http://domain2' has been blocked by CORS policy: Request header field x-customer-header is not allowed by Access-Control-Allow-Headers in preflight response.
Any information you might have or even verification that this is due to new cors requirements in the browser would be greatly appreciated.