ADMX Guide

CORS non-wildcard request header support enabled

Category

Computer Configuration > Administrative Templates > Microsoft Edge

Scope

Both

Registry Key

HKLM\Software\Policies\Microsoft\Edge

Description

This policy lets you configure support of CORS non-wildcard request headers.

Microsoft Edge version 97 introduces support for CORS non-wildcard request headers. When a script makes a cross-origin network request via fetch() or XMLHttpRequest with a script-added Authorization header, the header must be explicitly allowed by the Access-Control-Allow-Headers header in the CORS preflight response. "Explicitly" here means that the wildcard symbol ("*") doesn't cover the Authorization header. See https://go.microsoft.com/fwlink/?linkid=2180022 for more detail.

If you enable or don't configure the policy, Microsoft Edge will support the CORS non-wildcard request headers and behave as previously described.

If you disable this policy, Microsoft Edge will allow the wildcard symbol ("*") in the Access-Control-Allow-Headers header in the CORS preflight response to cover the Authorization header.

This policy is a temporary workaround for the new CORS non-wildcard request header feature. It's intended to be removed in the future.
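
The header rule described above, as an added example that is not Microsoft's code: it reports which script-added headers a preflight response fails to allow under each policy state, so a server team can check an Access-Control-Allow-Headers value before the workaround is removed. The function names, the `nonWildcardSupport` parameter and the sample header values are assumptions made for illustration, and only this one rule is modelled.

```javascript
// Added example: models only the Access-Control-Allow-Headers rule in the
// description. Names are hypothetical; other CORS checks are not modelled.

// Per the description, "*" does not cover this header when the policy is
// enabled or not configured.
const NON_WILDCARD_HEADERS = new Set(["authorization"]);

// Split the header value into lower-cased names (header names are
// case-insensitive), dropping empty entries.
function parseAllowHeaders(value) {
  return new Set(
    (value || "").split(",").map((n) => n.trim().toLowerCase()).filter((n) => n.length > 0)
  );
}

// Returns the script-added request headers the preflight response does NOT allow.
//   nonWildcardSupport = true  -> policy enabled or not configured
//   nonWildcardSupport = false -> policy disabled (wildcard covers Authorization)
function blockedHeaders(scriptHeaders, allowHeadersValue, nonWildcardSupport = true) {
  const allowed = parseAllowHeaders(allowHeadersValue);
  const hasWildcard = allowed.has("*");
  return scriptHeaders.filter((name) => {
    const lower = name.toLowerCase();
    if (allowed.has(lower)) return false; // explicitly listed: allowed
    if (!hasWildcard) return true;        // not listed and no wildcard: blocked
    // Wildcard present: it covers the header unless it is a non-wildcard one.
    return nonWildcardSupport && NON_WILDCARD_HEADERS.has(lower);
  });
}

// Constructed sample: headers a script adds to a cross-origin request.
const requestHeaders = ["Authorization", "X-Request-Id"];

// Constructed preflight values: wildcard only, then the corrected form that
// names Authorization explicitly.
const wildcardOnly = "*";
const explicitAuth = "Authorization, *";

console.log("default policy, wildcard only:", blockedHeaders(requestHeaders, wildcardOnly, true));
console.log("policy disabled, wildcard only:", blockedHeaders(requestHeaders, wildcardOnly, false));
console.log("default policy, explicit list:", blockedHeaders(requestHeaders, explicitAuth, true));
```

A non-empty result under the default policy state means the server still depends on the wildcard for Authorization and should list the header by name.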