ember-cli/ember-ajax

Request header field X-CSRF-Token is not allowed by Access-Control-Allow-Headers in preflight response.

adambedford opened this issue · 2 comments

I'm running into an issue making a request to the Clearbit Company Autocomplete API where the following error is being raised:

Request header field X-CSRF-Token is not allowed by Access-Control-Allow-Headers in preflight response.

I'm pretty sure this is because my request contains the header:

Access-Control-Request-Headers: x-csrf-token

and Clearbit is configured with

access-control-allow-headers: Authorization, API-Version, Content-Type, Salesforce-App-Id

So I tried to unset this header as follows:

const results = yield this.get("ajax").request(`https://autocomplete.clearbit.com/v1/companies/suggest?query=${param}`, {
        method: "GET",
        headers: {
          "Access-Control-Request-Headers": ""
        }
      })

However I'm now getting this error

Refused to set unsafe header "Access-Control-Request-Headers"

Is there a way to remove x-csrf-token from the Access-Control-Request-Headers header? Or perhaps a better way to approach this?

It might also be worth noting that I ran into the same problem using $.getJSON()

If you ran into the same problem with jQuery alone, I’m not sure how much I can help you... this doesn’t sound like an ember-Ajax issue.

Closing because, per my last commend here, this appears to be a jQuery issue, not something with ember-ajax.