Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Origin,Content-Type,Accept,Authorization Access-Control-Allow-Methods: POST,GET,OPTIONS,PUT,DELETE Access-Control-Allow-Origin: *