«Политика CORS» в apache

Question

laravel + php + apache + win7

ошибка:

Access to XMLHttpRequest at 'http://api.demo.com' from origin 'http://demo.com' has been blocked by CORS policy: Request header field pragma is not allowed by Access-Control-Allow-Headers in preflight response.

config apache:

<VirtualHost *:80>

     DocumentRoot "G:/xampp/htdocs/demo/public"
     ServerName api.demo.com
     Header always set Access-Control-Allow-Origin "*"
     Header always add Access-Control-Allow-Methods "GET, POST"
     Header always set Access-Control-Allow-Headers "Origin,XMLHttpRequest, X-Requested-With, Content-Type, Authorization,X-Custom-Header"
     Header always set Access-Control-Allow-Credentials "true"

</VirtualHost>

но все равно делает ошибки. почему?