Authorization Header Appended Only Once In Ajax Cors Request

I'm calling my RESTful API from Javascript in a CORS scenario. I'm using JQuery to send my POST authenticated request. Here is an example: function post(settings, addAccessToken) {

Solution 1:

I solved my issue so I want to give the answer to everybody else is in the same situation.

1) The problem was to enable OPTIONS http request from server-side. In fact, there is a first call to the same url but with verb 'OPTIONS' and then a second call to the real url with POST|GET method. If the server doesn't properly answer to the first 'OPTIONS' call, e.g. specifying the correct Allowed Headers etc., the second call doesn't work.

2) The notation

settings.headers = {
 'Authorization': 'Bearer <my access token>'
};

is not working. The only way to setup an header is:

settings.beforeSend = function (request) {
 request.setRequestHeader('Authorization', 'Bearer <my access token>');
};

Hope this can help other people in the future.

cghersi