I want to add header to my xhr.
When I use setRequestHeader, what it actually does is adding a value to Access-Control-Request-Headers.
If I code:
You're making a non-simple cross-domain XMLHttpRequest (read more about CORS here) which means that your browser must send an preflight (
OPTIONS) request prior to your intended request. This is done to verify with the server that the client from a different origin is allowed to make said request. When you are making a CORS request the browser will automatically add the
Access-Control-Request headers to the request when it gets sent.
Access-Control-Request-Headers header is a comma-delimited list of non-simple headers that are included in the request. The only "simple" headers you can set are:
Content-Type (if it is set to one of:
The server must respond to those
Access-Control-Request headers in the preflight request with the corresponding
Access-Control-Allow headers in its response. So in your case it would need to respond with
Access-Control-Allow-Headers: key1, key2.