Hello, I try to build a web application using Ember framework and your v3 API. Really good API work ! But I have some difficulties to get right API responses. Not on the same API domain, a preflighted OPTIONS request is sent. It's OK. But this request is not accepted (401) by your API because there is no 'key' query or no 'Authorization' header defined in this OPTIONS request. This header (or key) is not required for a preflighted request?..
Thanks for your help, ps: something else, by default, Ember does not add trailing '/' to the url (use https://rebrickable.com/api/v3/lego/colors?key=... instead of https://rebrickable.com/api/v3/lego/colors/?key=...) so API replies with 301 redirect, considered like an error by preflighted OPTIONS request. So the CORS request fails.