[Apiman-user] How to solve the conflict about CORS and the X-API-Key in header?

Hi all, I got some errors with CORS plugin when I try to use my API with a contract. So, I consume my API passing info through header, such as: Authorization, Content-Type, and X-API-Key. I'm talking about a javascript application. So, CORS is a problem for that language. When I configure my contract to allow Cross-Origin, the error still there, but if I put my X-API-Key, as a query parameter, the CORS works fine. Does anyone could help me to understand that? I'm concerned to pass my contract as a query parameter. It should be on Header of my Http Request. Please, help me to understand if it is a behaviour of the application and how can I solve this without use query param. Best Regards, -- --- *Celso Agra*