Hi,
I think that there's a problem with the current spec of CORS.
When attempting to perform a preflight with a non-anonymous website, the preflight is bound to fail because no Authorization header is being sent.
This poses a problem at least for IIS users who are using a Classic Application Pool, and apparently cannot interfere with the Return Code (which is 401).
Please review discussion
here:
https://bugzilla.mozilla.org/show_bug.cgi?id=778548
Thanks.
