Allow request header filed in Access-Control-Allow-Header in preflight response

Question

I try axios call a external domain: https://viacep.com.br/ws/20021040/json/ (get call to return any informations about zip code)

axios.get('https://viacep.com.br/ws/20021040/json')
              .then((response) => {
                alert(JSON.stringify(response))
              })
              .catch((error) => {
                alert(error)
              })

In front-end I use:

• axios: v0.17.1
• vue: v2.5.3
• webpack: 3.6.0

In back-end I use expressjs/nodejs and install the express cors to deal with this case.

• node 9.8.0
• express 4.15.2
• cors 2.8.4

I need figure out to how allow the Request header field authorization in Access-Control_allow-Headers in preflight response to it work fine.

I'm developing in my localhost:8021

Authorization is a token with the credentials of my authentication(JWT).

In the image below, any tests commenteds.

Best Regards.

My last test is:

var corsOptions = {
    origin: true,
    allowedHeaders: ['Content-Type', 'authorization', 'Content-Length', 'X-Requested-With', 'Accept'],
    exposedHeaders: ['authorization'],
    methods: ['GET', 'PUT', 'POST', 'DELETE', 'OPTIONS'],
    // optionsSuccessStatus: 204, // some legacy browsers (IE11, various SmartTVs) choke on 204
    preflightContinue: false
}
app.use(cors(corsOptions))

But it doesn't work anyway... =(

Answer 1

Try:

res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept')
res.header('Access-Control-Allow-Methods', 'GET, PUT, POST, DELETE, PATCH, OPTIONS');