Cross-Origin Request Headers(CORS) with PHP headers

Question

I have a simple PHP script that I am attempting a cross-domain CORS request: Yet I still get the error: Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers Anything I'm missing? Answer Access-Control-Allow-Headers does not allow * as accepted value, see the Mozilla Documentation here. Instead of the asterisk, you should send the accepted headers (first X-Requested-With as the

Accepted Answer

Access-Control-Allow-Headers does not allow * as accepted value, see the Mozilla Documentation here.Instead of the asterisk, you should send the accepted headers (first X-Requested-With as the error says).Update:* is now accepted is Access-Control-Allow-Headers.According to MDN Web Docs 2021:The value * only counts as a special wildcard value for requests without credentials (requests without HTTP cookies or HTTP authentication information). In requests with credentials, it is treated as the literal header name * without special semantics. Note that the Authorization header can&#8217;t be wildcarded and always needs to be listed explicitly.

Advertisement

Answer

Update: