I'm getting 401 and what I've stumbled on is that there is no authorization header with a token set in the header in the api call
I compared my pre-flight to the demo and it seems that in my pre-flight request there is no authorization header in the list in Acces-Control-Allow-Header; therefore in the subsequent API call my browser does not send the bearer token. Why is authorization missing from the list???
I'm using Box ContentPicker's latest vision via CDN following this guide https://developer.box.com/guides/embed/ui-elements/picker. Please advise!