Request header field cache-control is not allowed by Access-Control-Allow-Headers in preflight response

tony_pearce · December 1, 2017, 2:54pm

Hi,
I’m using an Ajax call as:

var settings = {
  "async": true,
  "crossDomain": true,
  "url": "https://api.companieshouse.gov.uk/company/06715377",
  "method": "GET",
  "headers": {

    "Authorization": "****my key*****",
    "cache-control": "no-cache",
    
  }
}

$.ajax(settings).done(function (response) {
	console.log(response);
 
});

Works in IE, but chrome give this error in console:

Failed to load https://api.companieshouse.gov.uk/company/06715377: Request header field cache-control is not allowed by Access-Control-Allow-Headers in preflight response.

I’m restricted to types of api call as embedded into another system so jquery it has to be…

Any ideas?

MArkWilliams · December 1, 2017, 3:29pm

Please see jQuery request to API

tony_pearce · December 4, 2017, 8:29am

Hi,

I’m not up to speed with Angular JS and am struggling with the the example suggested. are there any further resources? or am I looking at finding a dev for this?

Thanks
Tony

voracityemail · December 6, 2017, 10:06pm

If you don’t need the cache-control part, and jQuery under Chrome doesn’t like this, just drop that? (apologies, we don’t use jQuery to communicate with CH).

You need to send the authorization, but setting other headers which aren’t supported via AJAX seems to be a common cause of problems.

Not sure there’s anything particularly Angular here - looks like a normal jQuery AJAX call (http://api.jquery.com/jquery.ajax/).

If this still doesn’t work have look around on the forum you’ll find lots of other examples of people using jQuery to access CH - hope one of these will work for you.

voracityemail · December 7, 2017, 1:12pm

Hmm… I guess your code is slightly schematic as I’m surprised it worked at all as listed (although I’m not an expert on jQuery ajax function!). I think all you need in the settings object is:

var settings = { "async": true,
  "crossDomain": true,
  "url": "https://api.companieshouse.gov.uk/company/06715377",
  "method": "GET",
  "headers": {
      "Authorization": "Basic " + btoa( "****my key*****" + ":" ),
  },
}

That last part is showing that you’re using http “basic” authentication with a base-64 encoded username:password string (e.g. empty password as CH only supply username) as per:

( atob() function documented at Base64 - MDN Web Docs Glossary: Definitions of Web-related terms | MDN)

Chris

tony_pearce · December 7, 2017, 2:16pm

Thanks guys, that last one worked, I had tried that but taking out the cached headers did the trick, guess it was a combination of my stupidity!