AntiPattern
CORS Preflight & Auth Mismatch
cors-preflight-and-auth-mismatch
Credentialed cross-origin calls fail because the backend/proxy mishandles OPTIONS preflights and CORS headers (e.g., wildcard origins), so browsers block authenticated requests and clients fall back to broken navigation or timeouts. Mis-scoped database/webhook permissions can amplify delays.