Access to XMLHttpRequest at ‘http://meudominio/api/token’ from origin ‘http://localhost’ has been blocked by CORS policy: Request header field x-csrf-token is not allowed by Access-Control-Allow-Headers in preflight response.

1
# vim /etc/apache2/conf-enabled/Headers.conf
1
2
3
4
5
6
7
8
9
10
# Always set these headers.
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token, X-CSRF-Token"
 
# Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]

Deixe uma resposta

O seu endereço de e-mail não será publicado. Campos obrigatórios são marcados com *