I use Postman to make manual requests to a REST API my team develops.
I recently added an Origin header to an OPTIONS request in order to test whether CORS response headers are sent properly.
Ever since, for every request I make, I get an error status 403 Forbidden and a message Invalid CORS request.
Most of the same requests works completely fine with cURL, therefore I do not think that it is a server-side problem.
What does Postman want and how do I fix this?
