如果要呼叫第三方服务器，则对于预检请求，响应头 c应该包含 Access-Control-Allow-Headers：X -CSRF-Token 摆脱您得到的错误。但是我们没有控制权。



   如果对我们的服务器进行调用，则完全由我们控制，您可以在其中添加
Access-Control-Allow-Headers：X-CSRF-Token 如果您要发送带有 ajax jQuery请求，则对类型为 OPTIONS 的预检请求的响应c $ c> crossDomain参数设置为true 。

    If you are making a call to a third party server, for the preflight request, the response header should contain Access-Control-Allow-Headers: X-CSRF-Token to get rid of the error you get. But we do not have control over it.

    It is totally under our control if the call is made to our server, where you can add Access-Control-Allow-Headers: X-CSRF-Token in the response to your preflight request which is of type OPTIONS in case if you are sending a ajax jQuery request with crossDomain parameter set to true.