"cross-origin requests that require preflight" - Cors apache configuration

Question

I wrote in my httpd.conf about Apache these lines:

<IfModule mod_headers.c>
    Header always set Access-Control-Allow-Origin: *
    Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
    Header always set Access-Control-Max-Age "1000"
    Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding"
</IfModule>

In the console of browser I have this error:

XMLHttpRequest cannot load '...'. The request was redirected to '...', which is disallowed for cross-origin requests that require preflight.

I I see the request in the network, The response Header is correct.

What I am wrong?

see this http://stackoverflow.com/questions/10640596/header-set-access-control-allow-origin-in-htaccess-doesnt-work — Girish, Jun 10 '15 at 10:47

score 0 · Answer 1 · edited May 23 '17 at 12:29

0

According to this answer Apache is doing the correct thing. The other answers there may help as well.

You can return a 200 for preflighted requests; that is return a 200 for OPTIONS requests before the redirect with the necessary headers.

edited May 23 '17 at 12:29

Community

1
1

answered Aug 01 '15 at 11:22

khornberg

386
3
11

"cross-origin requests that require preflight" - Cors apache configuration

1 Answers1