Access Control Allow Headers

I'm calling my API endpoints from my React web app, and Firefox is giving me this warning:

Cross-Origin Request Warning: The Same Origin Policy will disallow reading the remote resource at [Xano Endpoint URL] soon. (Reason: When the Access-Control-Allow-Headers is *, the Authorization header is not covered. To include the Authorization header, it must be explicitly listed in CORS header Access-Control-Allow-Headers).

Is making a change to address this on the roadmap? I'm not sure how "soon" this will stop working.



  • Hey @simeon,

    Most likely this "soon" will be never.

    But apart from that, you can possibly ask privately Xano support so they can give you a specific address (highly unlike they will give you the actual address, but maybe they can add a proxy? not sure how they have it configured and what custom solutions they can offer, but I am sure they will do their best to help you).