It appears Apple has made safari near draconian with cross site stuff; the noVNC tab that opens shows errors redirecting to our in-domain SSO app, viz:
[Error] Cross-origin redirection to https://shibboleth.arizona.edu/idp/profile/SAML2/Redirect/SSO;jsessionid=ondbvq9lo3pb15u8enxls91cz?execution=e1s1 denied by Cross-Origin Resource Sharing policy: Origin https://ooddev.hpc.arizona.edu is not allowed by Access-Control-Allow-Origin.
[Error] Cross-origin redirection to https://shibboleth.arizona.edu/idp/profile/SAML2/Redirect/SSO;jsessionid=ondbvq9lo3pb15u8enxls91cz?execution=e1s1 denied by Cross-Origin Resource Sharing policy: Origin https://ooddev.hpc.arizona.edu is not allowed by Access-Control-Allow-Origin.
[Error] Failed to load resource: Cross-origin redirection to https://shibboleth.arizona.edu/idp/profile/SAML2/Redirect/SSO;jsessionid=ondbvq9lo3pb15u8enxls91cz?execution=e1s1 denied by Cross-Origin Resource Sharing policy: Origin https://ooddev.hpc.arizona.edu is not allowed by Access-Control-Allow-Origin. (SSO, line 0)
[Error] TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy. promiseReactionJob
Any suggestions on config changes to placate safari?