0👍
Client Side : Set Access-Control-Allow-Credentials: true to each request sent to the server
Server side : Set Access-Control-Allow-Origin with the exact base url of your application (exact mean all the details, port number, http or https and localhost is not considered the same as 127.0.0.1 …)
Ps : Found this article should help you out, Which CORS headers do you need to send an Authorization header?
Source:stackexchange.com