I am trying to make a CORS call to my API.
$.ajax({
url: baseURL + '?' + qString,
contentType: 'application/json',
success: function (response) {
cb(null, response.objects);
},
failure: function (err) {
failureHandler(err);
cb(err);
},
});
but I am getting an error
Request header field X-XSRF-TOKEN is not allowed by Access-Control-Allow-Headers in preflight response.
I even tried to disable CRFS by passing this in app.js
'apostrophe-express': {
csrf: false,
},
But it didn't do anything, is there a way I can disable this behavior and make CORS API calls.
We have accepted your PR exempting cross-origin calls, so beginning with the next release (likely tomorrow), this issue will be resolved and should not face the next developer.