Strange issue with CORS preflight request fails on IE 11

The problem, is that the the POST query fails on IE11, in all the other browsers it's seems working.

Lets describe the problem step by step:

1. XHR request from application to REST API.


2. Preflight OPTIONS request (request parameters are following)

Accept:                         */*
Origin:                         https://app.example.com
Access-Control-Request-Method:  POST
Access-Control-Request-Headers  content-type, accept
:                               
Accept-Encoding:                gzip, deflate
User-Agent:                     Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Host:                           api.example.com
Content-Length:                 0
Connection:                     Keep-Alive
Cache-Control:                  no-cache

2. preflight request response parameters are:

X-Powered-By:                   Sugar
Access-Control-Allow-Origin:    https://app.example.com
Vary:                           Origin
Access-Control-Allow-Credentia  true
ls:                             
Access-Control-Allow-Methods:   GET,POST,DELETE,OPTIONS
Access-Control-Allow-Headers:   X-Requested-With,X-HTTP-Method-Override,Content-Type,Accept
set-cookie:                     sugar.sid=s%Pb9OoTTPUkVw%2F2vUPoFMNG
                                LMXACSkQevo; Path=/; Expires=Thu, 15 Jan 2015 18:27:07 GMT; HttpOnly; Secure
Date:                           Mon, 12 Jan 2015 18:27:07 GMT
Connection:                     close

3. The real HTTP request after preflight request parameters:

Accept:           application/json
Content-Type:     application/json
Referer:          http://ift.tt/14qOWlp
Accept-Language:  en-US
Origin:           https://app.example.com
Accept-Encoding:  gzip, deflate
User-Agent:       Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Host:             api.example.com
Content-Length:   9
Connection:       Keep-Alive
Cache-Control:    no-cache
Cookie:           sugar.sid=s%3A-%2FGF1YoFmRfmBsxK4vLBoGjY5NT0QoYvf5s;

4. Last response parameters:

Content-Type:    application/json; charset=utf-8
Content-Length:  72
Vary:            Accept-Encoding
Date:            Mon, 12 Jan 2015 18:27:07 GMT
Connection:      close

5. Basically the response end with the IE error: Origin: https://app.example.com not found in Access-Control-Allow-Origin header. Does the first request needs also the Access-**-Origin header, which seems to be missing.

Also followed the CORS flow chart for debugging problem, but I could not spot it http://ift.tt/1mb4UqK.

I am using Node.js Express server with the node-cors module + modified options.