Request header field X-CSRF-TOKEN is not allowed by Access-Control-Allow-Headers in preflight response

Hi ,

Am trying to post my form data to controller,which is in another server.But am getting this error "Request header field X-CSRF-TOKEN is not allowed by Access-Control-Allow-Headers in preflight response". please help

This is my code:

 $scope.postInvoice = function () {
            var form = $(this);
            var data = new FormData(form[0]);
            $http({
                method: "POST",
                url: "http://localhost:9090/customerinvoice",
                headers: {'X-CSRF-TOKEN':$('meta[name="csrf-token"]').attr('content')},
                processData: false,
                contentType: false,
                data: data
            }).then(function (response) {
                console.log(response);
            }, function (error) {
                console.log('error');
            });
        };

spacedog4

7 years ago

Level 18

Try yo add this to your .htaccess file

Header set Access-Control-Allow-Headers "Content-Type, X-CSRF-TOKEN"

Please or to participate in this conversation.