Ok for those who know about this stuff apologies for the rest of us he’s what I’ve learnt. If you json encode a POST to an Agent using Ajax from a browser served from a different domain CORS sends an OPTIONS preflight to check it’s OK to send data to the server.
To allow this there are some headers you need to respond with before the POST can be sent.
if(request.method=="OPTIONS"){ res.header("Access-Control-Allow-Methods", "POST, GET, OPTIONS"); res.header("Access-Control-Allow-Headers", "origin, x-csrftoken, content-type, accept"); res.send(200,"OK"); }
Also if you want the browser to expose custom header to JS you need this in the response to the POST
res.header("AgentResponce", "Pin_Request_Error"); res.header("Access-Control-Expose-Headers", "AgentResponce");
Perhaps those who know about CORS could point to a better/easier solution.