I'm using the (still experimental) AJAX endpoint for forms API and I'm getting the following error on IE11:
SEC7123: Request header content-type was not present in the Access-Control-Allow-Headers list.
and this error on Firefox:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.hsforms.com/submissions/v3/integration/submit/[id]/[guid]. (Reason: missing token 'content-type' in CORS header 'Access-Control-Allow-Headers' from CORS preflight channel).
This request works just fine in Chrome and Edge.
OPTIONS response headers has access-control-allow-headers: *
set, but apparently access-control-allow-headers does not accept wildcards by the spec. The accepted headers should probably listed separately in Hubspot Forms API instead of using a wildcard.