my app uses scripts (in this particular example webpack) to load certain resources (not relevant for this matter), the request headers looks like below:
GET /b245bc85ddeedb27a549.woff2 HTTP/2
Host: anonymized.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en,pl;q=0.5
Accept-Encoding: identity
Origin: https://www.anonymized.de
DNT: 1
Connection: keep-alive
Referer: https://www.anonymized.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Sec-GPC: 1
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
the script which is initializing the request is coming from the anonymized.com domain and is executed on the https://www.anonymized.de/ url
each time the resource is requested I'm getting following error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://anonymized.com/b245bc85ddeedb27a549.woff2. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.
but the thing is that there is NO preflight (the OPTIONS request) being done before the request, lol
so my question is how to make the browser to do the preflight (or what is needed to make the error disappear because as you see I'm not sending any special headers)
