Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Slack incoming webhook: Request header field Content-type is not allowed by Access-Control-Allow-Headers in preflight response

Tags:

content-type

javascript

cors

fetch-api

slack

I try to post a slack message via the fetch API in a browser:

fetch('https://hooks.slack.com/services/xxx/xxx/xx', {
  method: 'post',
  headers: {
    'Accept': 'application/json, text/plain, */*',
    'Content-type': 'application/json'
  },
  body: JSON.stringify({text: 'Hi there'})
})
  .then(response => console.log)
  .catch(error => console.error);
};

I get the following error message: 

Fetch API cannot load:
https://hooks.slack.com/services/xxxxxxx/xxxxx. 
Request header field Content-type is not allowed by Access-Control-Allow-Headers in preflight response.

What to do?

like image 694
abnormi Avatar asked Aug 18 '17 08:08

abnormi

People also ask

How do I find my incoming Webhook Slack URL?

Open the "Apps & Custom Integrations" page in the Slack menu, enter "Incoming WebHooks" in the search box of the page, and click on the "Incoming WebHooks" item displayed.

Is Slack Webhook URL sensitive?

The unique webhook URL is secret. The webhook only accepts data, and thus alone cannot expose sensitive data to third parties.

Is Slack Webhook URL a secret?

Your webhook URL contains a secret. Don't share it online, including via public version control repositories. Slack actively searches out and revokes leaked secrets.

1 Answers

That Slack API endpoint unfortunately appears to be broken in its handling of cross-origin requests from frontend JavaScript code—in that it doesn’t handle the CORS preflight OPTIONS request as it should—so the only solution seems to be to omit the Content-Type header.

So it looks like you need to remove the following from the headers part of your request code:

'Content-type': 'application/json'

That part triggers your browser to do a CORS preflight OPTIONS request. So, for your browser to allow your frontend JavaScript code to send the POST request you’re trying to do, the https://hooks.slack.com/services API endpoint must return an Access-Control-Allow-Headers response header that contains Content-Type in its value.

But that endpoint doesn’t return that, so the preflight fails and the browser stops right there.

Normally when posting from frontend JavaScript to an API endpoint that expects JSON, adding that Content-Type: application/json header to the request is exactly what you need to do and should do. But not in this case—because that API endpoint doesn’t handle it properly.

like image 189
sideshowbarker Avatar answered Sep 19 '22 15:09

sideshowbarker
Sign in to Comment

Related questions

Rendering resolved promise value in Ember handlebars template
Restrict characters in input field
Angular UI-Router passing data between states with go function does not work
Reload AngularJS Controller
How to get the minimum and maximum date
D3 get previous element in .data()
How can I use JS WebAudioAPI for beat detection?
Is it possible to show all options from an HTML Select form field at once without clicking it?
How to open browser from Visual Studio Code API
Chai expect: an array to contain an object with at least these properties and values
How do I get the postal code from google map's autocomplete api
NodeJS Postgres error getaddrinfo ENOTFOUND
Auto formatting ES6 destructuring assignment in IntelliJ/WebStorm
How to get a type of scope variable in Angular expression?
ESlint Error Install from Command Line
Increase Concurrent HTTP calls
Angular2 *ngFor animation of pushed away elements
firefox ondrop event.dataTransfer is null after update to version 52
Change object key using Object.keys ES6
AJV schema validation for array of objects

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!