javascript - Mandrill XMLHttpRequest Error - invalid Access-Control-Allow-Origin headers -


i have app on heroku @ http://random-name.herokuapp.com sends emails mandrill. however, regardless of whether i'm running app locally @ localhost:5000 or remotely on heroku, throw following error when trying send emails:

xmlhttprequest cannot load https://mandrillapp.com/api/1.0/messages/send.json. response preflight request doesn't pass access control check: wildcard '*' cannot used in 'access-control-allow-origin' header when credentials flag true. origin 'http://random-name.herokuapp.com' therefore not allowed access.

there's lot of documentation on stack overflow error (see cors: cannot use wildcard in access-control-allow-origin when credentials flag true), , consequently, set express headers following:

app.use(function(req, res, next) {   res.header("access-control-allow-origin", "http://localhost:5000 http://random-name.herokuapp.com");   res.header('access-control-allow-credentials', true);   res.header("access-control-allow-methods", "get, post, put, delete, options");   res.header("access-control-allow-headers", "origin, x-requested-with, content-type, accept");   next(); }); 

however, doesn't seem solve issue. couldn't find useful in mandrill's documentation either. i'm guessing i'm specifying headers incorrectly, or perhaps aren't being used. ideas?

access-control-allow-origin takes single value, not space separated list.

you need return whatever client sends in origin request header (test make sure acceptable origin first though!).


Comments