openFDA is an FDA project to provide open APIs, raw data downloads, documentation and examples, and a developer community for an important collection of FDA public datasets.
Sending a header with Authorization: Basic <key> results in a CORS policy error during preflight. Removing the header results in a successful response. Adding the api_key as a parameter to the request results in a successful response.
In looking at the server response, the server sends only the following
Access-Control-Allow-Headers: X-Requested-With
To successfully complete the CORS preflight, to use the Authentication header, I believe Authorization needs to be added to the Access-Control-Allow-Headers response.
According to https://open.fda.gov/apis/authentication/, Basic auth is supported using https.
Sending a header with
Authorization: Basic <key>
results in a CORS policy error during preflight. Removing the header results in a successful response. Adding the api_key as a parameter to the request results in a successful response.In looking at the server response, the server sends only the following
Access-Control-Allow-Headers: X-Requested-With
To successfully complete the CORS preflight, to use the Authentication header, I believe Authorization needs to be added to the Access-Control-Allow-Headers response.