Beanow
commented
9 years ago Observed this as well. It happens because you've previously received an API reply from a different whitelisted host and with the 304 it checks for the previous host, cached by the browser. May also occur between www. and new. websitor.net
bartwr
The user does not always stay logged in.
It looks like the problem is that the Access-Control-Allow-Origin is not included in a cached (304 not modified) callback. Screenshot:
FYI: http://webistor.lvho.st/ is whitelisted.