Angular2: X-XSRF-TOKEN not allowed by Access-Control-Allow-Headers headers

Client (Angular 4)

 @Injectable() export class HttpService { private actionUrl: string; private headers: Headers; private options: RequestOptions; constructor(public _http: Http) { this.actionUrl = 'example.com'; this.headers = new Headers(); this.headers.append('Content-Type', 'application/json'); this.headers.append('Accept', 'application/json'); this.headers.append('Access-Control-Allow-Headers', 'Content-Type, X-XSRF-TOKEN'); this.options = new RequestOptions({ headers: this.headers }); } 

Server

GET, POST

1) Access-Control-Allow-Origin: '*'

OPTIONS

1) Access-Control-Allow-Origin: '*'

2) Access-Control-Allow-Headers: 'Content-Type, X-Amz-Date, Authorization, X-Api-Key, X-Amz-Security-Token, X-XSRF-TOKEN, Access-Control-Allow-Headers ''

3) Access-Control-Allow-Methods: "POST, GET, OPTIONS"