I am doing a file upload via AJAX. However, I am getting this error:
Request header field token is not allowed by Access-Control-Allow-Headers
Here's the response headers from the website I am uploading to, and the response headers all seem fine:
HTTP/1.1 200 OK
Access-Control-Allow-Headers: X-Requested-With, X-Prototype-Version, Content-Disposition, Cache-Control, Content-Type
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Origin: :9292
Access-Control-Max-Age: 1728000
Cache-Control: no-cache
Content-Encoding: gzip
Content-Type: text/plain; charset=utf-8
Date: Wed, 22 Jan 2014 03:01:25 UTC
Server: cloudinary
Status: 200 OK
X-Request-Id: 3a74ab61f56ae7620c8ffbb5440b75b6
X-UA-Compatible: IE=Edge,chrome=1
transfer-encoding: chunked
Connection: keep-alive
Here's the request headers:
OPTIONS /v1_1/*****/image/upload HTTP/1.1
Host: api.cloudinary
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Request-Method: POST
Origin: :9292
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36
Access-Control-Request-Headers: accept, token, content-type
Accept: */*
Referer: :9292/venue/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Is there something missing/wrong in the response headers?
Thanks
I am doing a file upload via AJAX. However, I am getting this error:
Request header field token is not allowed by Access-Control-Allow-Headers
Here's the response headers from the website I am uploading to, and the response headers all seem fine:
HTTP/1.1 200 OK
Access-Control-Allow-Headers: X-Requested-With, X-Prototype-Version, Content-Disposition, Cache-Control, Content-Type
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Origin: http://admin.lvho.st:9292
Access-Control-Max-Age: 1728000
Cache-Control: no-cache
Content-Encoding: gzip
Content-Type: text/plain; charset=utf-8
Date: Wed, 22 Jan 2014 03:01:25 UTC
Server: cloudinary
Status: 200 OK
X-Request-Id: 3a74ab61f56ae7620c8ffbb5440b75b6
X-UA-Compatible: IE=Edge,chrome=1
transfer-encoding: chunked
Connection: keep-alive
Here's the request headers:
OPTIONS /v1_1/*****/image/upload HTTP/1.1
Host: api.cloudinary.
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Request-Method: POST
Origin: http://admin.lvho.st:9292
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36
Access-Control-Request-Headers: accept, token, content-type
Accept: */*
Referer: http://admin.lvho.st:9292/venue/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Is there something missing/wrong in the response headers?
Thanks
Share Improve this question edited Jan 22, 2014 at 3:28 0xSina asked Jan 22, 2014 at 3:17 0xSina0xSina 21.6k34 gold badges143 silver badges257 bronze badges 2- You need to show the request headers as well if you'd like some help with this. The request is likely including a header that is not acknowledged in the response's Access-Control-Allow-Headers, as the error message states. – Ray Nicholus Commented Jan 22, 2014 at 3:25
- @RayNicholus updated my post with request headers. – 0xSina Commented Jan 22, 2014 at 3:28
1 Answer
Reset to default 4The Access-Control-Allow-Headers header in the response to the preflight (OPTIONS) is missing a reference to the "token" header. You will need to update your server response to account for this header.