CORS Access-Control-Allow-Headers wildcard being ignored?

by

Support for wildcards in the Access-Control-Allow-Headers header was added to the living standard only in May 2016, so it may not be supported by all browsers. On browser which don’t implement this yet, it must be an exact match: https://www.w3.org/TR/2014/REC-cors-20140116/#access-control-allow-headers-response-header

If you expect a large number of headers, you can read in the value of the Access-Control-Request-Headers header and echo that value back in the Access-Control-Allow-Headers header.

More Related Contents:

  1. What is the maximum length of a URL in different browsers?
  2. Are the PUT, DELETE, HEAD, etc methods available in most web browsers?
  3. Why is an OPTIONS request sent and can I disable it?
  4. Do I need Content-Type: application/octet-stream for file download?
  5. What requests do browsers’ “F5” and “Ctrl + F5” refreshes generate?
  6. CORS with POSTMAN
  7. When do browsers send the Origin header? When do browsers set the origin to null?
  8. How to download multiple files with one HTTP request?
  9. CORS request with Preflight and redirect: disallowed. Workarounds?
  10. Where can I find the default timeout settings for all browsers?
  11. Why can’t browser send gzip request?
  12. How does “304 Not Modified” work exactly?
  13. What are proper status codes for CORS preflight requests?
  14. Using “transfer-encoding: chunked”, how much data must be sent before browsers start rendering it?
  15. Do web browsers always send a trailing slash after a domain name?
  16. Setting HTTP headers
  17. Angular2 OPTIONS method sent when asking for http.GET [duplicate]
  18. Cross Origin Resource Sharing with Credentials
  19. Chunked transfer encoding – browser behavior
  20. Official references for default values of concurrent HTTP/1.1 connections per server? [closed]
  21. How to make XMLHttpRequest cross-domain withCredentials, HTTP Authorization (CORS)?
  22. How does url rewrite works?
  23. What is the difference between POST and PUT in HTTP?
  24. How long do browsers cache HTTP 301s?
  25. What is the difference between HTTP status code 200 (cache) vs status code 304?
  26. Browser support of multipart responses
  27. HTTP Range header
  28. Content-Length header with HEAD requests?
  29. What is the main difference between PATCH and PUT request?
  30. How to pass basic auth credentials in API call for a Flutter mobile application?

Leave a Comment