[Solved] CORS preflight return Access-Control-Allow-Origin but response hangs on
Both the preflight and actual response must grant permission with Access-Control-Allow-Origin. If only the prelight does, then the order of events is: JavaScript asks to make request Browser makes preflight request Server sends preflight response Browser checks CORS (passes) Browser makes actual request Server sends actual response Browser checks CORS (fails) Browser denies permission to … Read more