ded/reqwest

Reqwest adds access-control headers which forces preflight

LukasBombach opened this issue · 1 comments

LukasBombach commented

Hi

I am trying to use reqwest with YouTube's oEmbed API. As compared to a plain XMLHttpRequest, reqwest adds 2 headers:

access-control-request-headers:accept, content-type, x-requested-with
access-control-request-method:GET

which triggers a preflight request. Unfortunately YouTube blocks that request because the method used for the preflight request is OPTIONS and returns a 405. Because this request fails, no actual (GET) request is being invoked and I cannot query YouTube's API.

I am not quite sure where these headers come from and if they can be disabled.

Lukewh commented

@LukasBombach Have you set crossOrigin: true in the options?

  • 👍3
  • ❤️1