I have a simple PHP script that I am attempting a cross-domain CORS request:

Question

0

Asked: May 27, 20262026-05-27T20:53:18+00:00 2026-05-27T20:53:18+00:00

I have a simple PHP script that I am attempting a cross-domain CORS request:

0

I have a simple PHP script that I am attempting a cross-domain CORS request:

<?php
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: *");
...

Yet I still get the error:

Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers

Anything I’m missing?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T20:53:19+00:00

Access-Control-Allow-Headers does not allow * as accepted value, see the Mozilla Documentation here.

Instead of the asterisk, you should send the accepted headers (first X-Requested-With as the error says).

Update:

* is now accepted is Access-Control-Allow-Headers.

According to MDN Web Docs 2021:

The value * only counts as a special wildcard value for requests without credentials (requests without HTTP cookies or HTTP authentication information). In requests with credentials, it is treated as the literal header name * without special semantics. Note that the Authorization header can’t be wildcarded and always needs to be listed explicitly.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a simple PHP script that I am attempting a cross-domain CORS request:

Leave an answerCancel reply

1 Answer

Update:

Leave an answer
Cancel reply