This is documentation about a configuration directive, which can be placed within Movable Type’s core configuration file,
mt-config.cgi, to customize the behavior of the system.
DataAPICORSAllowHeaders is used to specify the Access-Control-Allow-Headers response value sent by the Data API.
In order to determine what information your client application is allowed to request from the Data API, a preflight request can be sent to the server where the Data API is operating. If the request is made from a site that is permitted to use the Data API, the header field names that can be requested are placed in the Access-Control-Allow-Headers header attribute and returned as part of the REST query response.
If a preflight request is made from a site not permitted to use the Data API, the Access-Control-Allow-Headers header will not be sent.
Specifications can be made, both for receiving Data API requests from external sites and for sending header requests to external sites.
DataAPICORSAllowHeaders X-MT-Next-Phase-URL, X-Some-Response-Value