Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers

Question

I\'m trying to send files to my server with a post request, but when it sends it causes the error:

Request header field Content-Type is not allowed by

Answer 1

The server (that the POST request is sent to) needs to include the Access-Control-Allow-Headers header (etc) in its response. Putting them in your request from the client has no effect.

This is because it is up to the server to specify that it accepts cross-origin requests (and that it permits the Content-Type request header, and so on) – the client cannot decide for itself that a given server should allow CORS.