I'm making cross origin ajax requests using jquery and I wanted to set headers in the request like this-- but it says that it is an improper request:
$.ajax({
url: address,
headers:{
'Access-Control-Allow-Origin': '*'
}
success: function(result) {
pipelineCallback(result, guid_key, j, missing_program);
},
error: function(result) {
console.log(result);
},
async: true
});
Caveat: When I don't set the header and use this CORS chrome plugin the cross-origin request goes through fine... whats the issue?
Plugin link(theres a public github repo too): https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi?hl=en
Access-Control-Allow-Origin is a response header, not a request header.
The CORS browser plugin fakes adding it to the response.
Adding a non-standard header to a request triggers a preflight OPTIONS request which requires a specific kind of response to tell the browser that it is OK to make the request with the non-standard header.
Adding Allow-Control-Allow-Origin: * to the response (which is what the browser plugin does) is not sufficient to grant that permission. (Preflighted requests require an explicit allowed origin in the response, not a wild card).