CORS header ‘Access-Control-Allow-Origin’ missing if http status code is not 200

[MartiniHenry1988]

The issue I am facing is:

If Api returns 200 status code, everything works fine.

But if I send invalid Authentication Bearer Token in header or if any error returns from API, e.g 422, 401, 400 .. etc, my ajax request fails and gives this error:

CORS header ‘Access-Control-Allow-Origin’ missing

Here is my restivus confiqurations:

myApi = new Restivus({

    apiPath: 'api/',
    defaultHeaders: {
      "Access-Control-Allow-Origin": "*",
      "Access-Control-Allow-Credentials": "true",
      "Access-Control-Allow-Headers": "Access-Control-Allow-Headers, Access-Control-Request-Method, Connection, Content-Language, Access-Control-Request-Headers, Origin, X-Requested-With, Content-Type, Accept-Language, Accept, Z-Key, Authorization, client-id, client-secret, client_id, client_secret",
      "Content-Type": "application/json",
      "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS"
    },
    enableCors: true,
    useDefaultAuth: false,
    prettyJson: true,
    defaultOptionsEndpoint: {
        action: function() {
            this.response.writeHead(201, {
                "Access-Control-Allow-Origin": "*",
                "Access-Control-Allow-Credentials": "true",
                "Access-Control-Allow-Headers": "Access-Control-Allow-Headers, Access-Control-Request-Method, Connection, Content-Language, Access-Control-Request-Headers, Origin, X-Requested-With, Content-Type, Accept-Language, Accept, Z-Key, Authorization, client-id, client-secret, client_id, client_secret",
                "Content-Type": "application/json",
                "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS"
            });
            this.done();
            return {
                status: "success",
                "data": {
                    "message": "We love OPTIONS"
                }
            };
        }
    }
});

Does anyone know what I am missing here?