Authentication from localhost to rest api results CORS error


Staff member
I just installed a fresh wp on a <a href="" rel="nofollow noreferrer">dev server</a>. I am trying to authenticate to the rest api (plugin, since it's wp v.4.6.3), with an ionic/angularjs app which is located on my computer/device. Currently using <a href="" rel="nofollow noreferrer">JWT Authentication for WP-API</a> plugin.
This is my header, with the help of HTTP Headers plugins:

content-encoding: gzip
x-powered-by: php/5.5.9-1ubuntu4.21
connection: keep-alive
content-length: 3361
keep-alive: timeout=5, max=95
access-control-allow-headers: accept, authorization, cache-control, cookie, content-type, origin
server: apache/2.4.7 (ubuntu)
x-frame-options: allow-from *
vary: accept-encoding
access-control-allow-methods: get, post, options, head, put, delete, trace, connect, patch
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: cache-control, cookie, content-type, origin
cache-control: no-cache, must-revalidate, max-age=0

No matter what I do I get some CORS error. The most recent is:

Request header field Content-Type is not allowed by
Access-Control-Allow-Headers in preflight response.

The JWT plugin also had in docs some mention of editing .htaccess and wp-config.php, which I did. Tried several combinations of htacces edit and/or plugins. But same or similar error pops up.

This is my code, based on doc of JWT plugin (credentials/url valid!):

var apiHost = '';
$ apiHost + '/jwt-auth/v1/token', {
   username: 'admin',
   password: '[email protected]#'
.then( function( response ) {
   console.log( 'siker', )
.catch( function( error ) {
   console.error( 'Errorrrr', error );


#&lt;ifModule mod_headers.c&gt;
#    Header always set Access-Control-Allow-Origin: *
##    Header always set Access-Control-Allow-Methods "POST, GET, PUT, DELETE, OPTIONS"
##    Header always set Access-Control-Allow-Headers "content-type"

&lt;IfModule mod_rewrite.c&gt;

#SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

RewriteEngine On
RewriteBase /authworks/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /authworks/index.php [L]

Thanks for your help!