[BUG] CORS configuration missing allowed header

The allowed header is missing: Content-Type causing such error:

Access has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.