Why do CORS policies block my ip from my API?

Question

when I make a request to my api in production I get this error

Access to XMLHttpRequest at 'http://...:300/api/ext/companies/sort=%22code%22:-1&limit=1' from origin
'http://...:90' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

How do I solve this problem?

my frontend is developed in angular 5.

my api is developed in nodejs and this is my configuration

app.use((req, res, next) => {
  res.header('Access-Control-Allow-Origin', '*');
  res.header('Access-Control-Allow-Headers', 'X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, Authorization, Database');
  res.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, DELETE');
  res.header('Allow', 'GET, POST, OPTIONS, PUT, DELETE');

  next();
});

Answer 1

Install this package .

Instead of:

const express = require("express");

Try this:

const express = require("express").use("*", cors());

And remove it:

app.use((req, res, next) => {
  res.header('Access-Control-Allow-Origin', '*');
  res.header('Access-Control-Allow-Headers', 'X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, Authorization, Database');
  res.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, DELETE');
  res.header('Allow', 'GET, POST, OPTIONS, PUT, DELETE');

  next();
});