[It was a typo]
My web application served in localhost:3000sends GET requests for the cross-domain with the title "Authorization" to my backend application that runs in localhost:8000. A request using curl without a header works:
curl GET http://localhost:8000/app
Running a query using curl with a header also works:
curl GET http://localhost:8000/app -H 'Authorization: Basic xxxx'
But my jQuery GET does not:
$.ajax({
url: http://localhost:8000/app,
type: 'GET',
headers: {'Autorization': 'BASIC xxxx'}, // if I remove this it works
...
)};
He outputs
XMLHttpRequest cannot load http://localhost:8000/app.
Request header field Autorization is not allowed by Access-Control-Allow-Headers.
Response headers include
Access-Control-Allow-Headers:x-requested-with, content-type, accept, origin, authorization, x-csrftoken
Access-Control-Allow-Methods:GET, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Origin:*
So it looks like authorization is allowed ...
If this helps, my backend is a Django application using mod_wsgi (-express) and Apache, and the django-cors-headers module. Settings have a default value CORS_ALLOW_HEADERS(including "authorization").
, CORS . , , , . .