Created attachment 8591667 [details] cors.png User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Steps to reproduce: Made two Ajax POST request to the same URL which has CORS enabled with different payloads. Request headers for the both the requests: Accept : text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding : gzip, deflate Accept-Language : en-US,en;q=0.5 Host : subdomain.basedomain.com Origin : http://subdomain.basedomain.com Referer : http://subdomain.basedomain.com/?gId=12&nId=1&iId=1&sid=1428930190670&lng=de&key=374364a90dd9721 e0fbfdebc39ce562bbc2bfb83749b57fa User-Agent : Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0 Response headers from the first request: Access-Control-Allow-Origin : * Connection : keep-alive Content-Length : 1 Content-Type : text/html Date : Mon, 13 Apr 2015 13:03:50 GMT Server : nginx X-Powered-By : PHP/5.3.3 Actual results: First request succeeds and returns the response but the second one fails with error: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <URL>. This can be fixed by moving the resource to the same domain or enabling CORS. Expected results: The second request should also behaved like the first one and returned the response because only difference between both the requests is the payload.
Any chance this is still reproducible? Do you have a testcase?
Closing this issue due to lack of response from reporter.