Skip to content

Setting Access-Control-Allow-Headers #22

New issue
New issue
Closed
Closed
Setting Access-Control-Allow-Headers#22
@dbillingham

Description

@dbillingham
dbillingham
opened on Sep 11, 2015

I get this issue in chrome when trying to set the Access-Control-Allow-Headers:
"Request header field x-requested-with is not allowed by Access-Control-Allow-Headers."

This is because on line 126 of server.js you are overriding what is passed in with some defaults:

      headers = {
        'Content-Length': 0,
        'Access-Control-Allow-Headers': 'Accept, X-Requested-With, Authorization, Content-Type'
      };
      headers = extend(self.opts.headers, headers);

If the user specifies a Access-Control-Allow-Headers should that not overwrite this default, (so the extend be the other way around)?:

      headers = extend(headers, self.opts.headers);

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions