Cloudflare client API and CORS

I am using Fetch API to make asynchronous requests to the Cloudflare API and I use the new Access tokens. Recently I saw that my get request to the Zones endpoint is no longer considered by Chrome a simple CORS request because of the Authorization header and the Fetch API sends a preflight OPTIONS request which results in a 400 bad request because the Zones endpoint expects a GET request. Do you know if there is a way to avoid sending OPTIONS and send the GET only.

You 100% should not be using a user’s browser for CF API requests if that’s what you are doing, unless you are talking about a browser extension.

It’s a browser extension.

@tosho_az Did you find a solution for this?
@Judge There are definitely non-extension use-cases for accessing the API from a browser. Obviously a terrible idea to store credentials in publicly-accessible code, tho consider e.g. read-only access to Stream, or scoped credentials that are supplied to the client via an external auth-flow.