Request header field prismic-ref is not allowed by Access-Control-Allow-Headers in preflight response

Hi guys, I have a CORS problem, can you help me?

The question is: Access to fetch at ‘https://repository_url…’ from origin ‘https://my_domain…’ has been blocked by CORS policy: Request header field prismic-ref is not allowed by Access-Control-Allow-Headers in preflight response.

Thanks.

Use GET instead of POST.

Thanks, I use GET indeed, but it doesn’t work

That’s weird, because CORS shouldn’t be triggered for GET requests. Could you add a screenshot of the network request?

@marcellothearcane The reason CORS is triggered is because of the required prismic-ref header for GraphQL requests:

https://__SOMETHING__.prismic.io/graphql?query=query contactQuestion($tag: String!) { allSlides(tags: [$tag]) { edges { node { linkurl image title textblock _meta { id __typename } __typename } __typename } __typename } } &operationName=contactQuestion&variables={"top":5,"tag":""}

response:

x-ratelimit-limit: 200
x-ratelimit-remaining: 197
access-control-allow-origin: SOMETHING
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
access-control-allow-methods: OPTIONS,GET
X-Firefox-Spdy: h2

What are we missing here?