CORS Issue When Using Authorization Header

[alanGlossika]

I encountered a CORS issue when trying to make API calls from a webpage. The webpage initiates two requests to the backend: a preflight request and a fetch request. My server handles the preflight request correctly, but the fetch request still results in a CORS issue.

Interestingly, the fetch request always occurs before the preflight request. Could this reverse order be causing the CORS issue?

When I do not use the authorization header, the request seems simpler and only involves one request, which includes the origin information, and this does not result in a CORS issue.

I am using RapiDoc for documentation with the following docs.html setup:

<html>
  <head>
    <title>RapiDoc</title>
    <!-- needed for adaptive design -->
    <meta charset="utf-8"/>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <script src="https://unpkg.com/rapidoc/dist/rapidoc-min.js"></script>
  </head>
  <body>
    <rapi-doc spec-url="/openapi.yaml"></rapi-doc>
  </body>
</html>