How to fix Refused to set unsafe header Origin while making XMLHttpRequest
XMLHttpRequest.setRequestHeader() method sets the value of an HTTP request header.
js setRequestHeader(header, value)
header :
The name of the header whose value is to be set.
value :
The value to set as the body of the header.
Refused to set unsafe header Origin error message
When we use setRequestHeader method we are not suppose to change Origin , browser is supposed to set and handle the header for us, if we set the header that would defeat the purpose of the security feature of the browser.
when you send requests across domains. For this, we need to set up the Access-Control-Allow-Headers in your response header at server side.
Don't set headers on XMLHttpRequest requests - Http.setRequestHeader("Origin", "*")
Set this on your server side instead
Access-Control-Allow-Origin: *