Looks like you need to update your Apache .htaccess file or your Apache httpd.conf file (assuming you’re running Apache). It’s different if you’re running nginx, lighttpd or some other web serverd… 😉
<ifModule mod_headers.c>
Header always set Access-Control-Allow-Origin: "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
</ifModule>
The first line Header always set Access-Control-Allow-Origin: "*" indicates that requests should be accepted from *any* domain.
Judging by the error, which explicitly indicates missing Content-Type that may be all you need.
That said, you might need even more stuff (below you’ll find a more complete listing, although this is un-tested and may need tweaking):
<ifModule mod_headers.c>
Header always set Access-Control-Allow-Origin: "*"
Header always set Access-Control-Max-Age "1000"
Header always add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding"
</ifModule>
By all means, if someone has better information, please add a comment!
This page has more info:
https://awesometoast.com/cors/
And you can also look here:
https://www.google.com/search?q=wp%20rest%20api%20XMLHttpRequest%20preflight&rct=j
