{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 迷人小祖宗 的问题《IBM Watson Conversation API: “Request header field》','https://www.manongdao.com/q-422520.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I created a React-Native app that connected to the Watson REST APIs. Using the fetch library that is part of the ReactNative, everything was working well for getting the Workspaces list, like this:
const myAuth = new Buffer(USR+':'+PWD).toString('base64');
const myInit = {
method: 'GET',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
'Origin': '',
'Authorization': 'Basic ' + myAuth,
}
};
return fetch(URL, myInit)
.then((response) => response.json())
.then((responseJson) => { ... }
I am now moving to React (rather than ReactNative) and the whatwg-fetch library. The same code does not work. First I got the error that:
Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.
Then reading the tens of threads about these type of issues it just became black magic. Adding headers for Access-Control-Allow-Methods, Access-Control-Allow-Headers, and the such. Nothing really worked so far. Eventually the problem became:
Request header field access-control-allow-headers is not allowed by Access-Control-Allow-Headers in preflight response.
Can someone point me please to an example or code that works please?
==============
UPDATES ...
Thank you @sideshowbarker and @FakeRainBrigand. I guess then a server side is a must for the browser client app.
Remove whatever client-side code is setting the
Access-Control-Allow-Headersrequest header.The header is a response header CORS-enabled servers send. You don’t set it from the client side.
Based on the error messages cited in the question, it sound like the server may already be correctly configured to send the right
Access-Control-*headers. (Otherwise you’d instead be getting an error saying there’s noAccess-Control-Allow-Originin the response.)The only error identifiable from the information in the question at this point is just that problem of the request including an
Access-Control-Allow-Headersrequest header that shouldn’t be there.The browser is refusing to send your request because the server you're sending the request to hasn't enabled CORS, at least not with those headers.
The only solution without modifying the server you're targeting is to write your own server that makes the request on behalf of the client.