"request header field access-control-allow-headers is not allowed by access-control-allow-headers in preflight response" Answer’s


remove this:

headers: {"Access-Control-Allow-Headers": "Content-Type"},

from your jQuery.ajax call.

The server responds with a Access-Control-Allow-Headers header, the client doesn't send it to the server.

The client sends a Access-Control-Request-Headers to request allowing certain headers, the server responds back with with a Access-Control-Allow-Headers that lists the actual headers its going to allow. The client does not get to demand what headers are allowed.

Wednesday, March 31, 2021
answered 11 Months ago

The server (that the POST request is sent to) needs to include the Access-Control-Allow-Headers header (etc) in its response. Putting them in your request from the client has no effect.

This is because it is up to the server to specify that it accepts cross-origin requests (and that it permits the Content-Type request header, and so on) – the client cannot decide for itself that a given server should allow CORS.

Tuesday, June 1, 2021
answered 9 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :