CORS issue while trying to authenticate at Netweaver 7.40

Hi,

I'm trying to authenticate and retrieve the x-csrf-token in a webapp that is not running on the Netweaver 7.40 system.

If I set a custom header ('Authorization': 'Basic .....'), the browser sends a OPTIONS preflight request, that is being rejected due to missing CORS headers. If the preflight request is being rejected, all following requests, like the GET request to retrieve the x-csrf-token, are being blocked automatically.

Is there any possibility to set cors headers for OPTIONS requests? In a Electron environment, the request is let through and works, because there is no OPTIONS preflight request and Electron doesn't seem to obey CORS headers.