Thanks for taking a look at this!
I am wondering if the response header needed is the one below:
Reviewing the documentation for
Access-Control-Allow-Headers, the header responds to a browser’s pre-flight request (which includes a
Access-Control-Request-Headers header from the client-side).
My hypothesis is that that may not be directly related to the issue at hand. It seems that addition of the
Access-Control-Allow-Origin: * response header would solve the CORS issue as it would allow calls from any origin instead of just
Sorry for bugging you on this! This is first time I am running into a CORS issue so I have been forced to finally learn it, which is fantastic.