I might be missing something, but... When retrieving data from the public API using the method described at , you first fetch an access_token, which then has to be passed in the Authorization header for the subsequent request. Since that is not a CORS-safelisted request-header, though, the browser first performs an OPTIONS request. The response does include an "access-control-allow-headers" header, but this doesn't whitelist the Authorization header, upon which the browser blocks the actual request. Thus, it'd be nice if that could be added, at least for the /orcid-bio/ request.  https://members.orcid.org/api/tutorial-retrieve-data-using-public-api
Please sign in to leave a comment.