Hi,
We have an API that uses x-api-key (private: true) and CORS. Cors works fine in all cases other than when the user sends a bad API key. In that case we observe that the CORS headers are not present. Since the API key is validated by the Gateway and not our code, I am not sure what we can do to fix that. Any suggestions?