I ran into this once when I had a password protected domain through .htaccess. It's probably not that for you, but thought it might be helpful to mention.

Thanks for that but it doesn't appear to be the case. .htaccess only has the Pretty URL stuff in it. It's installed in a sub-domain but the .htaccess on the root has nothing too important in it either.

Hummmm....

I thought it was a long shot.... other ideas - something with mod-security or maybe something needed in the php.ini file? Had some trouble before with too small of a max upload size, but don't think it was the 302 error.

Another simple thing, but maybe updating your Flash player could fix it?

I don't know much about ModSecurity, but I've had a few times where concrete5 actions trigger rules on a particular server, preventing content from being added.

I've had these kind of problems in Composer and when adding product information in eCommerce.

For reference the two rules so far I've had to ask to be whitelisted are:
#350147
#350148

I reckon it would be worth seeing if you can find which rule triggered your error, in case someone else comes across this issue but can't get Modsec turned off completely.

Editing the .htaccess file worked for me. Thanks for sharing.