Request header field Access-Control-Allow-Headers is not allowed by itself in preflight response

by

When you start playing around with custom request headers you will get a CORS preflight. This is a request that uses the HTTP OPTIONS verb and includes several headers, one of which being Access-Control-Request-Headers listing the headers the client wants to include in the request.

You need to reply to that CORS preflight with the appropriate CORS headers to make this work. One of which is indeed Access-Control-Allow-Headers. That header needs to contain the same values the Access-Control-Request-Headers header contained (or more).

https://fetch.spec.whatwg.org/#http-cors-protocol explains this setup in more detail.

More Related Contents:

  1. Enabling CORS in Create React App utility
  2. Can't post data to Google Cloud Run
  3. Why doesn’t adding CORS headers to an OPTIONS route allow browsers to access my API?
  4. No ‘Access-Control-Allow-Origin’ – Node / Apache Port Issue
  5. CORS Error: “requests are only supported for protocol schemes: http…” etc
  6. How to enable cors nodejs with express?
  7. How to enable cross-origin resource sharing (CORS) in the express.js framework on node.js
  8. Allow CORS REST request to a Express/Node.js application on Heroku
  9. Queries hang when using mongoose.createConnection() vs mongoose.connect()
  10. How to use passport with express and socket.io?
  11. Getting Spotify API access token from frontend JavaScript code
  12. Express routes parameters
  13. Does Axios support Set-Cookie? Is it possible to authenticate through Axios HTTP request?
  14. How do I detect whether I am on server on client in next.js?
  15. Allowing frontend JavaScript POST requests to https://accounts.spotify.com/api/token endpoint
  16. Access to XMLHttpRequest at ‘…’ from origin ‘localhost:3000’ has been blocked by CORS policy
  17. Angular and Express routing
  18. Getting express server to accept CORS request
  19. Access to fetch at https://accounts.google.com/o/oauth2/v2/auth has been blocked by CORS
  20. CORS-enabled server not denying requests
  21. Firebase Hosting with dynamic cloud functions rewrites
  22. How to resolve ‘preflight is invalid (redirect)’ or ‘redirect is not allowed for a preflight request’
  23. How to call a Python function from Node.js
  24. CORS – Is it a client-side thing, a server-side thing, or a transport level thing? [duplicate]
  25. Catch all uncaughtException for Node js app
  26. pass JSON to HTTP POST Request
  27. Internet Explorer 11 does not add the Origin header on a CORS request?
  28. How can I get Express.js to 404 only on missing routes?
  29. CORS error with jquery
  30. MediaElementAudioSource outputs zeroes due to CORS access restrictions

Leave a Comment