Add 'access-control-allow-origin' response to options preflight request in Asp.NET
Consider that Google Chrome has an issue which does not support localhost to go through the Access-Control-Allow-Origin.
In your code, you have enabled CORS with the AddCors and UseCors methods in Configure method, please make sure you've followed the instructions available in Specifying a CORS Policy (which is used in ConfigureServices method) and How to enable CORS in ASP.NET 5
You can also simply write an Action Filter for plain Asp.net MVC controller.
Types of CORS'
Microsoft.AspNet.WebApi.Cors: use it to enable the CORS request ONLY for the Web APIs.Microsoft.AspNet.Cors: Use it to enable CORS for MVC controllers.Microsoft.Owin.Cors: Use it to enable CORS for all cross-origins requests coming to your site, for example, when you you want to enable CORS for both Web API and SignalR.
It doesn't really make sense but as @Sirwan suggested, using .AllowAnyHeader() set the access on the options response...