I am getting this error in Chrome when trying to send an ajax request:
Content-Type is not allowed by Access-Control-Allow-Headers
Everything works fine in Firefox.
Can anyone help me to resolve this issue?
Asked
Active
Viewed 9.1k times
62
sideshowbarker
- 81,827
- 26
- 193
- 197
Vinay Verma
- 1,124
- 3
- 12
- 18
6 Answers
115
I solved the problem adding to Apache Web Server virtual host configuration the following settings
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"
Giulio Roggero
- 1,692
- 1
- 16
- 11
-
I had the same problem. If you are using Django , use CORS HEADERS module, Check this CORS_ALLOW_HEADERS - https://github.com/ottoyiu/django-cors-headers/ – VishwaKumar Sep 12 '14 at 07:14
-
@GiulioRoggero : I know I should not ask this here, but still after adding header to response, I am getting the same issue. – Kishor Pawar Jul 21 '15 at 11:49
-
Can u please which file i should add these 2 lines? i had set this in .htaccess file og Magento and still i get preflight error msg!! – Sushivam Apr 16 '17 at 04:55
-
@SachinS this is apache.conf file – Giulio Roggero Apr 18 '17 at 12:57
17
Solution for PHP:
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST,GET,OPTIONS');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
(Need to send that before any other content)
BlaM
- 28,465
- 32
- 91
- 105
-
1This information was spot on, below is my 'complete' code for the solution. `header('Access-Control-Allow-Origin: http://example.com'); header('Access-Control-Allow-Methods: GET,OPTIONS'); header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept'); echo $_GET['callback'].json_encode($data);` – Jeff Bluemel Apr 25 '17 at 15:12
5
Set up CORS (Cross-site HTTP Requests) in node. For me it looks like the following:
app.use('/api', function(req, res, next) {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type');
next();
});
GentryRiggen
- 788
- 10
- 10
-
1Could you please suggest on how to fix this issue in Angular 2: After following all the posts i still face: Response for preflight has invalid HTTP status code 400 – Sushivam Apr 16 '17 at 04:58
4
for nginx
location / {
proxy_pass http://localhost:59100;
proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
# Simple requests
if ($request_method ~* "(GET|POST)") {
add_header "Access-Control-Allow-Origin" *;
}
# Preflighted requests
if ($request_method = OPTIONS ) {
add_header "Access-Control-Allow-Origin" *;
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
}
# proxy_cache_bypass $http_upgrade;
# add_header Access-Control-Allow-Origin *;
# add_header Access-Control-Allow-Headers Content-Type;
}
see https://distinctplace.com/2017/04/17/nginx-access-control-allow-origin-cors/
dcsan
- 11,333
- 15
- 77
- 118
2
I had the same problem and I solved it by adding the following header: Access-Control-Allow-Headers: content-type
Van Coding
- 24,244
- 24
- 88
- 132
-
1To what did you add this header to? To the request that you originated in the client side? – Jadiel de Armas Apr 01 '15 at 16:40
-
Cant speak for @Van Coding, but to get this to work you should add this header to the http response. – Paul0515 Apr 05 '15 at 15:51
0
To me with PHP, localy works even if i set only this header setting:
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
Pauls Bebris
- 399
- 4
- 6