My ajax call from a third-party-hosted script to my endpoint is encountering some issues.
In Chrome, the preflight call appears as follows:
GENERAL
Request URL: https://my_endpoints_url
Request Method: OPTIONS
Status Code: 200
Remote Address: 21.188.37.117:443
Referrer Policy: origin-when-cross-origin
RESPONSE HEADERS
access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
allow: OPTIONS, TRACE, GET, HEAD, POST
content-length: 0
date: Thu, 14 Jan 2021 15:45:17 GMT
public: OPTIONS, TRACE, GET, HEAD, POST
server: Microsoft-IIS/10.0
strict-transport-security: max-age=31536000
x-powered-by: ASP.NET
REQUEST HEADERS
:authority: my_endpoints_host
:method: OPTIONS
:path: my_endpoints_path
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: fr,en-US;q=0.9,en;q=0.8,ca;q=0.7,es;q=0.6,pt;q=0.5
access-control-request-headers: authorization,content-type
access-control-request-method: POST
origin: https://c.cs160.visual.force.com
referer: https://c.cs160.visual.force.com/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36
Even though I have set up my endpoint's server to allow all headers, methods, and origins as shown in the response headers, Chrome still cancels the subsequent POST request.
What could be causing this issue?
Edit: After removing access-control-allow-headers from the server response, Chrome provides an error message stating "Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response." The POST request then shows as (failed) in the network tab. When adding access-control-allow-headers : "*", there are no error messages, but the POST request is marked as (canceled).
Appreciate your assistance!