Request header field x-user-session is not allowed by Access-Control-Allow-Headers

Posted by Saurabh Bhandari on Stack Overflow See other posts from Stack Overflow or by Saurabh Bhandari
Published on 2013-10-30T05:16:28Z Indexed on 2013/11/04 15:54 UTC
Read the original article Hit count: 201

Filed under:
|
|

I am trying to do a CORS call to a WCF service endpoint hosted on IIS7.5.

I have configured custom headers in IIS. My configuration looks like below

<customHeaders>
            <add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />
            <add name="Access-Control-Allow-Headers" value="x-user-session,origin, content-type, accept" />
            <add name="Access-Control-Allow-Credentials" value="true" />
        </customHeaders>

When I do a POST request I get following error message "Request header field x-user-session is not allowed by Access-Control-Allow-Headers"

If I remove my custom header from the call and run it, everything works fine.

Also if I do a GET call with custom header then also API works correctly.

$.ajax({
   type:"POST",
   success: function(d) { console.log(d) },
   timeout: 9000,
   url: "http://api.myserver.com/Services/v2/CreditCard.svc/update_cc_detail",
   data: JSON.stringify({"card_id":    1234,"expire_month":"11","expire_year":"2020","full_name":"Demo Account", "number":"4111111111111111","is_primary":true}),
   xhrFields: { withCredentials: true}, 
  headers: { x-user-session':  "B23680D0B8CB5AFED9F624271F1DFAE5052085755AEDDEFDA3834EF16115BCDDC6319BD79FDCCB1E199BB6CC4D0C6FBC9F30242A723BA9C0DFB8BCA3F31F4C7302B1A37EE0A20C42E8AFD45FAB85282FCB62C0B4EC62329BD8573FEBAEBC6E8269FFBF57C7D57E6EF880E396F266E7AD841797792619AD3F1C27A5AE" },
crossDomain: true,
   contentType: 'application/json'
});

© Stack Overflow or respective owner

Related posts about c#

Related posts about wcf