Hit into this error when tying to get the “Content-Disposition” header using XMLHttpRequest.
Refused to get unsafe header "Content-Disposition"
Finally found the solution is to include CORS access control headers in HTTP response….
Take note that it’s not Access-Control-Allow-Headers but Access-Control-Expose-Headers
Credit to this stackoverflow post.