Request header field x-user-session is not allowed by Access-Control-Allow-Headers
Posted
by
Saurabh Bhandari
on Stack Overflow
See other posts from Stack Overflow
or by Saurabh Bhandari
Published on 2013-10-30T05:16:28Z
Indexed on
2013/11/04
15:54 UTC
Read the original article
Hit count: 201
I am trying to do a CORS call to a WCF service endpoint hosted on IIS7.5.
I have configured custom headers in IIS. My configuration looks like below
<customHeaders>
<add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />
<add name="Access-Control-Allow-Headers" value="x-user-session,origin, content-type, accept" />
<add name="Access-Control-Allow-Credentials" value="true" />
</customHeaders>
When I do a POST request I get following error message "Request header field x-user-session is not allowed by Access-Control-Allow-Headers"
If I remove my custom header from the call and run it, everything works fine.
Also if I do a GET call with custom header then also API works correctly.
$.ajax({
type:"POST",
success: function(d) { console.log(d) },
timeout: 9000,
url: "http://api.myserver.com/Services/v2/CreditCard.svc/update_cc_detail",
data: JSON.stringify({"card_id": 1234,"expire_month":"11","expire_year":"2020","full_name":"Demo Account", "number":"4111111111111111","is_primary":true}),
xhrFields: { withCredentials: true},
headers: { x-user-session': "B23680D0B8CB5AFED9F624271F1DFAE5052085755AEDDEFDA3834EF16115BCDDC6319BD79FDCCB1E199BB6CC4D0C6FBC9F30242A723BA9C0DFB8BCA3F31F4C7302B1A37EE0A20C42E8AFD45FAB85282FCB62C0B4EC62329BD8573FEBAEBC6E8269FFBF57C7D57E6EF880E396F266E7AD841797792619AD3F1C27A5AE" },
crossDomain: true,
contentType: 'application/json'
});
© Stack Overflow or respective owner