Request header field User-Api-Key is not allowed by Access-Control-Allow-Headers

davide.porrovecchio · July 23, 2018, 8:06am

I’m trying to post comments to my Discourse instance from another web application using user api keys. I managed to get the user key following the method described in your original topic and this other useful discussion.
After getting the key, when I send it along with my requests as a value of the User-Api-Key header, I get the Request header field User-Api-Key is not allowed by Access-Control-Allow-Headers error.
As I asked in my PR, I’m not sure if it’s enough to add the headers in the file config/initializers/004-message_bus.rb or we need to add them also in the file discourse/config/initializers/008-rack-cors.rb.

Topic		Replies	Views
Request header field Content-Type is not allowed by Access-Control-Allow-Headers bug	2	1743	August 29, 2018
Acess-Control-Allow-Headers CORS Error with API after updating discourse support	9	2884	July 22, 2020
API CORS Headers Incorrect support	11	2710	June 8, 2023
Having issue accessing the Discourse APIs from react app dev rest-api	6	644	April 10, 2023
Authenticating using API keys when accessing API through fetch dev rest-api	4	1078	November 28, 2019

Request header field User-Api-Key is not allowed by Access-Control-Allow-Headers

Related Topics