Chrome pre-flight returning blocked by CORS: does not have ok status, while my .rest client gives 200

I am using the chrome extension Allow CORS: Access-Control-Allow-Origin with all sorts of different setting changes, including this custom rule: Chrome running a pre-flight for my typescript fetch call (src/contrller/formController.tsx):

let response = await fetch("https://sign.zoho.com/api/v1/requests", {    method: "GET",    headers: {      Authorization:"Zoho-oauthtoken <development token>",    },  })

Access to fetch at 'https://sign.zoho.com/api/v1/requests' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

My .rest request:

GET https://sign.zoho.com/api/v1/requests HTTP/1.1Authorization: Zoho-oauthtoken <development token>

And the response is 200 with the expected results.

HTTP/1.1 200 Server: ZGSDate: Fri, 26 Jul 2024 18:39:10 GMTContent-Type: application/json;charset=UTF-8Content-Length: 225Connection: closeX-Content-Type-Options: nosniffCache-Control: private,no-cache,no-store,max-age=0,must-revalidatePragma: no-cacheExpires: Thu, 01 Jan 1970 00:00:00 GMTX-Frame-Options: SAMEORIGINX-Download-Options: noopenStrict-Transport-Security: max-age=63072000{"code": 0,"requests": [],"message": "Document list retrieved successfully","page_context": {"sort_column": "request_name","has_more_rows": false,"start_index": 1,"total_count": 0,"sort_order": "ASC","row_count": 0  },"status": "success"}

I took the curl from this request,

curl --request GET --url https://sign.zoho.com/api/v1/requests --header 'authorization: Zoho-oauthtoken <development token>' --header 'user-agent: vscode-restclient'

and ran it through curlconverter to get this fetch call

fetch('https://sign.zoho.com/api/v1/requests', {  headers: {'authorization': 'Zoho-oauthtoken <development token>,'user-agent': 'vscode-restclient'  }});

Still getting non-200 status on chrome with 0 context provided whatsoever (yes I know its a security thing).

Heres my curl from chrome:

Copy as cURL (cmd):

curl "https://sign.zoho.com/api/v1/requests" ^  -H ^"sec-ch-ua: ^\^"Not)A;Brand^\^";v=^\^"99^\^", ^\^"Google Chrome^\^";v=^\^"127^\^", ^\^"Chromium^\^";v=^\^"127^\^"^" ^  -H "Referer: http://localhost:3000/" ^  -H "sec-ch-ua-mobile: ?0" ^  -H "authorization: Zoho-oauthtoken <development token> ^  -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" ^  -H ^"sec-ch-ua-platform: ^\^"Windows^\^"^"

Copy as cURL (bash):

curl 'https://sign.zoho.com/api/v1/requests' \  -H 'sec-ch-ua: "Not)A;Brand";v="99", "Google Chrome";v="127", "Chromium";v="127"' \  -H 'Referer: http://localhost:3000/' \  -H 'sec-ch-ua-mobile: ?0' \  -H 'authorization: Zoho-oauthtoken <development token>' \  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36' \  -H 'sec-ch-ua-platform: "Windows"'

Copy as fetch (node.js):

fetch("https://sign.zoho.com/api/v1/requests", {"headers": {"authorization": "Zoho-oauthtoken <development token>","sec-ch-ua": "\"Not)A;Brand\";v=\"99\", \"Google Chrome\";v=\"127\", \"Chromium\";v=\"127\"","sec-ch-ua-mobile": "?0","sec-ch-ua-platform": "\"Windows\"","Referer": "http://localhost:3000/","Referrer-Policy": "strict-origin-when-cross-origin"  },"body": null,"method": "GET"});

I have tried npx local-ssl-proxy --source 3001 --target 3000 along with npx local-ssl-proxy --source 3001 --target 3000--proxy-headers "Access-Control-Allow-Origin: *". No luck. I would really prefer not have to push to production to test it, or install other browsers with other cors extensions. Seeing how this works on my rest client makes me think the situation comes from chrome and not Zoho, but I will reach out if I can't find a solution. Zoho swagger for ref

Looking through the suggested duplicate questions: I found this article which confirmed my assumption that my code does not make and OPTIONS call, the browser does.I also found that cors will not trigger unless I modify headers that aren't Accept, Accept-Language, Content-Language, or Content-Type (I am modifying the Authorization header). Also found a solution to install a separate development browser