Is there a way browser can send Authorization Bearer token in OPTION preflight call?
We have placed condition to bypass the token verification policy so that OPTION call will pass as we saw the react single page application/browser was not sending Bearer token in Authorization header so it was always failing.
As per below article :
https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
A CORS preflight request is a CORS request that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers.
It is an OPTIONS request, using three HTTP request headers: Access-Control-Request-Method, Access-Control-Request-Headers, and the Origin header.
Seems browser can’t send any other header than above mentioned?