React Error : x-csrf-token is not allowed by Access-Control-Allow-Headers in preflight response

Question

I am trying to doing a post request by passing "X-CSRF-TOKEN" into the headers i am getting this error Request header field x-csrf-token is not allowed by Access-Control-Allow-Headers in preflight response. Below is my code.

const headers = {
      "Content-Type": "application/json",
      "X-CSRF-TOKEN": "g3DW38GFNJoUd9krAYwU8855GZs_fRfEPFFF9aJNLgI",
 "Access-Control-Allow-Headers":
      "Origin, X-Requested-With, Content-Type, Accept, Authorization,X-Auth-Token, X-CSRF-TOKEN",
      "Access-Control-Allow-Origin": "http://localhost:3000",
      "Access-Control-Allow-Credentials":"true"* 
    };
    axios
      .post(url,data,{ headers: headers })
      .then((res) => {
        console.log("response", res);
      })
      .catch((err) => {
        console.log(err);
      });

`Access-Control-Allow-*` are **response** headers that comes from the server. They do not belong in your request and in general will more than likely result in CORS errors. — Phil, Dec 22 '21 at 05:23
@Phil ya you are right, but after removing that header i am still getting the same error — Geetanjali Katare, Dec 22 '21 at 05:25
The server hasn't been configured to allow `X-CSRF-TOKEN` via `Access-Control-Allow-Headers`. Seems like an oversight if that header is actually required. Are you sure it's not meant to be a cookie value? — Phil, Dec 22 '21 at 05:26

React Error : x-csrf-token is not allowed by Access-Control-Allow-Headers in preflight response

0 Answers0