prose / gatekeeper

Enables client-side applications to dance OAuth with GitHub.
MIT License

Added Cache-Control in CORS allowed headers #29

Open sebastien-roch opened 7 years ago

sebastien-roch commented 7 years ago

Some libraries set this header to avoid caching, but the browser will deny the CORS request with "Request header field Cache-Control is not allowed by Access-Control-Allow-Headers in preflight response".

dereklieu commented 7 years ago

@sebastien-roch can you give a test case where this is happening? Which browser rejects this header?

sebastien-roch commented 7 years ago

I'm using qwest (https://github.com/pyrsmk/qwest) and this library sets a No-Cache header by default on the requests (which often makes sense for ajax requests). Any modern browser will throw the mentioned error if the response does not have the proper Access-Control-Allow-Headers value, because of CORS rules. I tested with Chrome.
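
The preflight check discussed in this thread, as an added example that is not part of the original discussion or of gatekeeper's code: it models how a browser compares a request's headers with the server's Access-Control-Allow-Headers value. The function names, allow-list strings and sample request are constructed for illustration, and it assumes ordinary short header values, so the safelist's value-length rules are not modelled.

```javascript
// Added example: a model of the browser's CORS preflight header check.
// Allow-list strings passed in are constructed, not gatekeeper's actual configuration.

// Header names a browser may send cross-origin without the server listing them
// (Content-Type qualifies only for the three simple MIME types below).
const SAFELISTED = new Set(['accept', 'accept-language', 'content-language']);
const SIMPLE_TYPES = new Set([
  'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain',
]);

// Names the browser would put in Access-Control-Request-Headers: lowercased, sorted.
function headersNeedingApproval(requestHeaders) {
  return Object.entries(requestHeaders)
    .filter(([name, value]) => {
      const n = name.toLowerCase();
      if (SAFELISTED.has(n)) return false;
      if (n === 'content-type') {
        const mime = String(value).split(';')[0].trim().toLowerCase();
        return !SIMPLE_TYPES.has(mime);
      }
      return true;
    })
    .map(([name]) => name.toLowerCase())
    .sort();
}

// Compare what the request needs with the server's Access-Control-Allow-Headers.
// Matching is case-insensitive. "*" acts as a wildcard only for requests without
// credentials, and never covers Authorization.
function checkPreflight(allowHeadersValue, requestHeaders, withCredentials = false) {
  const allowed = new Set(
    (allowHeadersValue || '').split(',').map((h) => h.trim().toLowerCase()).filter(Boolean)
  );
  const wildcard = allowed.has('*') && !withCredentials;
  const blocked = headersNeedingApproval(requestHeaders).filter(
    (h) => !allowed.has(h) && !(wildcard && h !== 'authorization')
  );
  return { ok: blocked.length === 0, blocked };
}

// Constructed request: a client library that adds Cache-Control by default.
const sampleRequest = { Accept: 'application/json', 'Cache-Control': 'no-cache' };
console.log(checkPreflight('Content-Type', sampleRequest));
console.log(checkPreflight('Content-Type, Cache-Control', sampleRequest));
```

Listing each header by name keeps the allow-list explicit; a `*` value would not help callers that send credentials or an Authorization header.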