Getting Access-Control-Allow-Headers in preflight error

Hello , I have created angular js app in which I have integrate twitch api , the api is

return $http({
            url: "https://api.twitch.tv/kraken/streams",
            method: "GET",
            params: { channel: channel, limit: 1 },
            headers: { "Client-Id": "XXXXXXXXXXXXXXX" }
        })

the problem is when I reload the page the api is working but when my state changes without page reload I am getting cross origin error from this api.
the error is

Failed to load https://api.twitch.tv/kraken/streams?channel=eliazOne&limit=1: Request header field RefreshToken is not allowed by Access-Control-Allow-Headers in preflight response.

anyone has idea how to resolve cross error

Duplicate post of https://discuss.dev.twitch.tv/t/getting-cross-error-on-stream-api/12832

You can’t fix it, as you can’t change Twitch’s Servers.

You can try calling via JSONP, but it’s worth nothing that V5 is deprecated and the New API doesn’t support Cross Domain Calls.

I don’t know how angular works, but your request contains a custom RefreshToken header, which isn’t a whitelisted header (list of which is seen in the Access-Control-Allow-Headers response header of the OPTIONS request).

You need to make your CORS requests only contain the headers you specify.

The headers allowed for CORS requests by Twitch API (both kraken and helix):

Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Client-Id, Twitch-Api-Token, X-Forwarded-Proto, X-Requested-With, X-Csrf-Token, Content-Type, X-Device-Id

It doesn’t support jsonp, it does support CORS.

My derp tis a monday :stuck_out_tongue:

We had a natter.

We think that your angular code is reusing headers, instead of tearing down the http client and creating a new one. So your code is not sending a fresh set of headers for the request you have shown the code for.

We need to see the rest of your code, or you should be able to fix based on this

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.