Created question in FIWARE Q/A platform on 14-08-2019 at 10:08
Please, ANSWER this question AT https://stackoverflow.com/questions/57491353/context-broker-preflight-options-request

Question:
Context Broker Preflight OPTIONS request

Description:
I'm trying to make a GET request to a Context Broker instance from a browser.

I've enabled CORS on the CB using the -corsOrigin __ALL flag when starting the app, and I can see that this has worked by making a request in POSTMAN and seeing this header in the response: access-control-allow-origin →*.

I need to specify the Fiware-Service header in my GET request in order to get the correct entities, which I believe is making the request not simple, triggering an OPTIONS HTTP request.

Inspecting the outgoing request, Chrome reports that these headers are sent:

Access-Control-Request-Headers: fiware-service
Access-Control-Request-Method: GET

The response I get from the Context Broker is:

Request URL: http://xxx.xxx.xxx.xxx:1026/v2/entities/
Request Method: OPTIONS
Status Code: 405 Method Not Allowed

A previous answer by McMutton, to a similar question stated:

"do the necessary changes on your js code to make sure your request
falls within the scope of simple requests."

Which was directed at removing non-standard headers from the request. However, for me I cannot see any non-standard headers being sent.

Reading the Fiware documentation on Access-Control-Allow-Headers, there is a link to the source code where the allowed headers are specified. There, I can see the Fiware-Service header defined, but it does not case-match the headers being sent from the browser (the browser has converted my headers to all lower case).

Does anyone know if "the headers check" in the Context Broker is case-sensitive?

If not, what else could be the issue?

Edit: this issue seems to have been reported here:
https://github.com/telefonicaid/fiware-orion/issues/3453