LaurensRietveld
commented
10 years ago I believe this is a CORS thing. When querying a cors-enabled endpoints, the server may check the Access-Control-Request-Header, and return an error when the header is not allowed. The type of error returned is quite vague. This problem does not occur when executing the query from the server (as CORS rules don't apply then).
There are several options on how to proceed. For now I've decided to force using the server when headers are specified (even if the endpoint is cors-enabled).
This does not work I believe when executed from client (it does work when executed via the server). have to double check this