I've been running into a lot of CORS issues lately and even if I set the necessary headers for everything to work, I run into a problem with preflight requests.
A little background here to explain the problem, #CORS or #CrossOriginResourceSharing kicks in whenever you're making a request to a domain that different than you're current on. In my case, I have my fronted at http://localhost:4200 and the API at http://localhost. Before requests are done, the browser does a preflight request, an OPTIONS request, to see what operations are allowed from this location.
The problem here is pretty simple, Anahita returns an error stating that _actionOptions doesn't exist which it doesn't. I did some searching and found KControllerBehaviorDiscoverable which has a _actionOptions function, but after adding the behavior to my controller, it still doesn't work. Not sure why.