Receiving these error when using the OPTIONS verb in Angular2 http.get(url, options), even though the appropriate CORS headers are set in Falcon Rest API.
XMLHttpRequest cannot load http://localhost:8000/names. Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.
resp.set_header("Access-Control-Allow-Origin", "*")
resp.set_header("Access-Control-Allow-Credentials", "true")
resp.set_header("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS,POST,PUT")
resp.set_header("Access-Control-Allow-Headers",
"Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers")
For non OPTIONS / normal http.get() requests this works fine.
Resolved this using falcon_cors, specifically by setting allow_all_methods=True
pip install falcon-cors
from falcon_cors import CORS
cors = CORS(allow_origins_list=['http://localhost:3000'],
allow_all_headers=True,
allow_all_methods=True)
api = falcon.API(middleware=[cors.middleware])