The
Access-Control-Allow-Headers
header is sent by the server to let the client know which headers it supports for
CORS
requests. The value of
Access-Control-Allow-Headers
should be a comma-delineated list of header names, such as "
X-Custom-Information
" or any of the standard but non-basic header names (which are always allowed).
This error occurs when attempting to preflight a header that is not expressly allowed (that is, it's not included in the list specified by the
Access-Control-Allow-Headers
header sent by the server). To fix this, the server needs to be updated so that it allows the indicated header, or you need to avoid using that header.