Header has been blocked by CORS policy: Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.
I'm certainly no expert in CORS and bumble my way through most issues.
If I recall correctly the Access-Control-Allow-Origin header needs to be on the server side, rather than in the client request? Assuming you've shared client-side code?
@NicolasSwijngedouwIf you inject unauthorized headers it will cause a CORS pre-flight error.
Hi @AndyGup, thank you for your reply.
Is there any way to authorize custom headers on the server-side?
The API Key that I'm trying to include in my request header is not an ESRI Api Key, but an API Key for an Azure API Management component. That component is a reverse proxy on the edge of the network containing the ArcGIS Servers.
In a near future, headers such as Authorization and Username are required as well and I will have to pass them via the header of the request.
> is not an ESRI Api Key, but an API Key for an Azure API Management component
Gotcha. You'll need to contact Azure technical support since that's their product. We don't have any control or knowledge of their security practices.