example request

curl -H "Origin: http://localhost" \
  -H "Access-Control-Request-Method: GET" \
  -H "Access-Control-Request-Headers: Authorization" \
  -X OPTIONS --verbose \
  https://api.knod.com/example-endpoint

example response

Access-Control-Allow-Origin: *
Access-Control-Request-Headers: Authorization
Access-Control-Allow-Methods: GET, POST

Basically I'll need Access-Control-Request-Headers: Authorization because it looks like auth tokens are sent in this header, and I'll need whatever HTTP methods are supported in the Access-Control-Allow-Method (so if PUT and DELETE are also used I'll need Access-Control-Allow-Methods: GET, POST, PUT, DELETE