Reason: missing token ‘xyz’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel
What went wrong?
Access-Control-Allow-Headers header is sent by the server to let the client know which headers it supports for CORS requests. The value of
Access-Control-Allow-Headers should be a comma-delineated list of header names, such as
"X-Custom-Information" or any of the standard but non-basic header names (which are always allowed).
If the user agent can't detect any value specified for this header—even though the header is included in the response—this error occurs.