Refused to get unsafe header “Content-Disposition”

Hit into this error when tying to get the “Content-Disposition” header using XMLHttpRequest.

Refused to get unsafe header "Content-Disposition"

Finally found the solution is to include CORS access control headers in HTTP response….

httpResponse.addHeader("Access-Control-Expose-Headers", "Content-Disposition");

Take note that it’s not Access-Control-Allow-Headers but Access-Control-Expose-Headers

Credit to this stackoverflow post.




2 thoughts on “Refused to get unsafe header “Content-Disposition”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.