Why is this CORS request failing only in Firefox?

Question

I\'m implementing CORS with credentials and a preflight request and I\'m a bit mystified why the preflight request consistently fails in Firefox 30 but works in Safari (7.0.

Answer 1

Note that Firefox is the only browser that is compliant here. If parsing of Access-Control-Allow-Methods fails per https://fetch.spec.whatwg.org/#cors-preflight-fetch a network error needs to be returned. And per the ABNF for the header value it is most definitely a comma-separated value.