Request header field prismic-ref is not allowed by Access-Control-Allow-Headers in preflight response

@marcellothearcane The reason CORS is triggered is because of the required prismic-ref header for GraphQL requests:

https://__SOMETHING__.prismic.io/graphql?query=query contactQuestion($tag: String!) { allSlides(tags: [$tag]) { edges { node { linkurl image title textblock _meta { id __typename } __typename } __typename } __typename } } &operationName=contactQuestion&variables={"top":5,"tag":""}

response:

x-ratelimit-limit: 200
x-ratelimit-remaining: 197
access-control-allow-origin: SOMETHING
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
access-control-allow-methods: OPTIONS,GET
X-Firefox-Spdy: h2

What are we missing here?

1 Like