The CORS Headers in the response to CORS requests do not include the "Access-Control-Allow-Headers" field.
The WebConnector should answer OPTIONS requests with Request Headers field, i.e.
with a corresponding
"Access-Control-Allow-Headers: Accept, Content-Type"
to allow the following request.
To allow ALL requests in any case, the Connector could include the line
"Access-Control-Request-Headers:Origin, X-Requested-With, Content-Type, Accept"
(On a side note, by convention HTTP Header fields should be spelled with Capitalized words, so "Server-Name" instead of "Server-name", "Access-Control-Allow-Origin" instead of "access-control-allow-origin", etc.)