Access-Control-Allow-Headers missing on response header hosted on enterprise instance

I’m following instruction in for setting up CORS.

When trying to access the api from an app on http://localhost:8080 I’m getting the following:

XMLHttpRequest cannot load Request header field Content-
Type is not allowed by Access-Control-Allow-Headers.

Looking at the response headers reveals that there’s no Access-Control-Allow-Headers property.

Cache-Control:no-cache, private
Content-Type:text/html; charset=UTF-8
date:Wed, 14 Oct 2015 09:52:36 GMT

I tried deleting/recreating the CORS settings, but still there’s no Access-Control-Allow-Headers property in the response header.

Is there anything that I’m missing?

What did you set your CORS settings to?
Go back to the Config->CORS tab and select the setting you just created to pull up all the details. Confirm that it matches what is recommended in the SDK README.

Just checked, looking ok to me.

Origin required 
Max Age 
All methods selected

There is a bug that prevented CORS from working in a hosted environment. The fix was committed to the develop branch of the codebase last week (therefore you may pull it into your local instances). It will also be resolved in the next update of the hosted system.


I think I have the same issue. I have installed DF on an Ubuntu server and I’ve used the Installer in the main download page. Can you direct me as to how to update my code base with the existing branch you are referring to? I have not been very successful with the GitHub command to do the initial install and it is why I had to use the installer instead. Any help would be great as I need to resolve this to do any thing else with DreamFactory.



I have the exact problem when I installed in a wamp, after I finished the setup from github I get this

saying that all the basic apps are created, but when I login an select any tab I get a message like this

{“error”:{“code”:400,“context”:null,“message”:“No session token (JWT) or API Key detected in request. Please send in X-DreamFactory-Session-Token and/or X-Dreamfactory-API-Key request header. You can also use URL query parameters session_token and/or api_key.”,“trace”:["0 C:\wamp64\www\xfadf\dreamfactory\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(148):

any suggestion on how to fix this