Http request to remote server from client


I have a rest api( developed in meteor) hosted at,

for request authentication we’re using custom header called z-key which we use to authenticate the request.

when I try to post data to it from my cordova app(client) I’m getting following error

XMLHttpRequest cannot load Request header field z-key is not allowed by Access-Control-Allow-Headers in preflight response.

my request is simple, added http package and

         var data = {
      password: password
   apiURL = "";
   apiHeaders = { "z-key": "RHTHvsbpQXkupz35A"}, {
      data: data,
      headers: apiHeaders
    }, function(e,r){
      console.log(e, r);

when I try to post data to same route from server side or postman chrome app everything is working fine?

Any help is appreciated.


you should be allowed to send back z-key header. I guess you should implement options method and return Access headers like:

Access-Control-Allow-Origin: * // if you need
Access-Control-Allow-Methods: POST, GET, OPTIONS // for example
Access-Control-Allow-Headers: Z-KEY, X-RAY, B-SIDE // any you wish