CORS/Preflight error with WorldPay AJAX request

Question

I'm picking up on someone else work with a custom template, and I'm getting the following error:

Failed to load https://api.worldpay.com/v1/orders: Response to the preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://xxx.xxx.xxx.xxx' is therefore not allowed access.

Here is the code that sends the AJAX request:

$.ajax({
            type: "POST",
            url: "https://api.worldpay.com/v1/orders",
            dataType: 'json',
            async: false,
            headers: {
              'Access-Control-Allow-Origin': '*',
              "Authorization": worldPayServiceKey
            },
            data: JSON.stringify(options),
            success: function (response){
              if (response.paymentStatus == 'SUCCESS') {
                current_booking.payment = obj.response;
              } else {
                alert("Sorry, there was a problem with your payment. We will send you an invoice instead.");
              }

              makeBooking();
            }
          });

I've had a similar problem with CORS before, but I haven't seen the preflight error before. Can anyone help, please?

Answer 1

please remove the Access-Control-Allow-Origin header from request header. that is a server side header.

Then add Content-Type as,

application/x-www-form-urlencoded,multipart/form-data or text/plain depending on what you are sending with the request. for example,

headers: {
              "Content-Type": "application/x-www-form-urlencoded",
              "Authorization": worldPayServiceKey
            },

The only allowed values for the Content-Type header are:

> - application/x-www-form-urlencoded
> - multipart/form-data 
> - text/plain

for more info, read the MDN DOC.

Hope It helps. good luck.