Uppy XHR Upload Failing on Safari - Weird CORS Error

Hi everyone,

seeing this strange Safari console error when trying to upload images through Uppy on Safari:

[Error] Header Access-Control-Allow-Headers has an invalid value: 1 GMT
[Error] XMLHttpRequest cannot load [direct-creator-upload-link] due to access control checks.

Our setup uses a simple Uppy’s XHR upload:

.use(XHR, {
  endpoint: "one-time upload URL from Cloudflare Direct Creator Upload",
  formData: true,
  fieldName: "file",
  allowedMetaFields: [],
})

The weird part - works fine everywhere except Safari…(as expected) The “1 GMT” in the error looks like a date stamp? Here’s also an example preflight OPTIONS response from Cloudflare Direct Creator Upload link:

-H "Origin: https://example.com" \
-H "Access-Control-Request-Method: GET" \
"[direct creator upload link]"
HTTP/2 200 
date: Fri, 31 Jan 2025 17:47:26 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-headers: 
access-control-allow-methods: POST, OPTIONS
access-control-max-age: 86400
server: cloudflare

Would appreciate any help…