Javascript POST enforcing pre-flight request

Question

I'm trying to send data to a server through my frontend. I have the following code,

var xhr = new XMLHttpRequest();
xhr.open('POST', url, true);
xhr.setRequestHeader('Access-Control-Allow-Origin','*');
xhr.setRequestHeader('Content-type','text/plain');
xhr.setRequestHeader('Access-Control-Allow-Methods','POST');
xhr.send(data);

The data is a JSON string which should be sent to the server. However, I get the following response on the server "[1m[35mOPTIONS /addUser HTTP/1.1[0m" 500 -. It's not clear why the request is being sent as OPTIONS when Content-type is set as text/plain i.e. the request should not be pre-flighted.

How can I send data to the server using CORS?

score 0 · Answer 1 · answered Sep 24 '18 at 02:34

0

Access-Control-Allow-Origin and Access-Control-Allow-Methods are not request headers, they're response headers. Do not set them in your request.

answered Sep 24 '18 at 02:34

Brad

146,404
44
300
476

Javascript POST enforcing pre-flight request

1 Answers1