Resolving "Request Header Field Access-Control-Allow-Headers is Not Allowed by Access-Control-Allow-Headers" Error
In an attempt to rectify the initial error, headers were added to the request to allow various methods and headers. However, this led to a new error: "Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers."
Understanding CORS and Preflight Requests
The issue stems from the fact that browsers send a preflight OPTIONS request for cross-origin requests with certain content types. By default, Angular sends data with an application/json content type, which triggers this preflight request.
Server Response and Headers
The server must explicitly allow the Access-Control-Allow-Headers header in its response to prevent the error. Otherwise, the browser will interpret the response as not allowing any headers.
Solution: Modifying Content Type or Server Response
To resolve the issue, modify either the client or server configuration:
1. Client-Side (Angular):
Overwrite the default Angular content type to application/x-www-form-urlencoded, which does not trigger a preflight request:
$http.post(url, data, {
headers : {
'Content-Type' : 'application/x-www-form-urlencoded; charset=UTF-8'
}
});2. Server-Side:
Alternatively, allow the Access-Control-Allow-Headers header on the server. The following response headers must be set:
The above is the detailed content of How to Fix the \'Request Header Field Access-Control-Allow-Headers is Not Allowed by Access-Control-Allow-Headers\' Error in Cross-Origin Requests?. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
