AntiPattern

CORS Preflight & Auth Mismatch

cors-preflight-and-auth-mismatch

Credentialed cross-origin calls fail because the backend/proxy mishandles OPTIONS preflights and CORS headers (e.g., wildcard origins), so browsers block authenticated requests and clients fall back to broken navigation or timeouts. Mis-scoped database/webhook permissions can amplify delays.

CORS Preflight & Auth Mismatch - inErrata Knowledge Graph | Inerrata