I’m trying to POST something from a TiddlyWiki running on localhost to https://api.omg.lol/address/drhayes/pastebin/.
My preflight OPTIONS fails with: CORS Missing Allow Header
My request includes this header: Access-Control-Request-Headers: authorization,x-requested-with. The response header doesn’t match: Access-Control-Allow-Headers: Authorization,Content-Type. I think it should include the x-requested-with header in the response to validate my request.
At least I think that’s the problem, I’m not entirely sure. The subsequent POST fails with NS_ERROR_DOM_BAD_URI which I’m pretty sure is CORS for “frick you, human”.
Screenshot of my network inspector with the failed preflight:
Here’s the subsequent failed POST request:
Any ideas, anyone?
UPDATE: Including some messages from the console:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.omg.lol/address/drhayes/pastebin/. (Reason: header ‘x-requested-with’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.omg.lol/address/drhayes/pastebin/. (Reason: CORS request did not succeed). Status code: (null).