Why does Access-Control-Allow-Headers: * have no effect?
Although the OPTIONS returns * for Allow-Headers I’m getting the following CORS response.
Access to XMLHttpRequest at ‘https://example1.com’ from origin ‘https://example2.net’ has been blocked by CORS policy: Request header field x-reques… Continue reading Why does Access-Control-Allow-Headers: * have no effect?