Request header was not present in the Access-Control-Allow-Headers list

Question

In my API, I have the following code:

public class CustomOAuthProvider : OAuthAuthorizationServerProvider
{

    public override Task MatchEndpoint(OAuthMatc         


        

Answer 1

Make sure it's not as simple as a misspelling of the content-type header in your AJAX. I was getting this with an OPTIONS preflight with an application/x-www-form-urlencoded content-type, which doesn't necessitate a preflight, but I had

content-type: application/x-www-form-urlencoded

instead of

application/x-www-form-urlencoded

as my contentType option.

WRONG:

$.ajax({
    url: 'http://www.example.com/api/Account/Token',
    contentType: 'content-type: application/x-www-form-urlencoded',
    method: 'POST',
    data: {
        grant_type: "password",
        username: $('#username').val(),
        password: $('#password').val()
    },
});

RIGHT:

$.ajax({
    url: 'http://www.example.com/api/Account/Token',
    contentType: 'application/x-www-form-urlencoded',
    method: 'POST',
    data: {
        grant_type: "password",
        username: $('#username').val(),
        password: $('#password').val()
    },
});