I am trying to enable HTTP access control (CORS) on a site using a .htaccess file with the following code:
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Origin "Content-Type"
Header set Access-Control-Allow-Methods: "GET"
But I keep getting the error
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at [DOMAINNAME] (Reason: CORS header 'Access-Control-Allow-Origin' does not match 'Content-Type').
What am I doing wrong? Every tutorial I've found seems to suggest it should work.
-edit-
In Chrome the debug tools give me this additional info:
Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains the invalid value 'Content-Type'.
Best Answer
Try with: