jQuery should send an HTTP OPTION request to initiate pre-flight CORS, yet it always sends out a HTTP POST. Since it is a POST the browser doesn't get the Access-Control-Allow-Origin or Access-Control-Allow-Method and the browser has NO CHOICE but to 404 the response.
jQuery.ajax('https://domain.com/path', {
crossDomain: true,
data: postData,
error: function(jqXHR, status, errorThrown) {
//whatever
},
success: function(data, status, jqXHR) {
//whatever
},
type: "POST",
xhrFields: {
withCredentials: true
}
});
jQuery doesn't have anything to do with the OPTION request for CORS... the browser is what implements this. See: caniuse.com/cors. IE8-9 use a separate object XDomainRequest (which jQuery doesn't detect or use out of the box), and has significan limitations.
Try curl, fiddler or another utility to confirm that your foreign resource is in fact on a separate domain, and returning the appropriate response for the request in question? You should be able to right-click in the network view of the developer tools and copy as a curl command line (may have to switch quotes in windows). Odds are you aren't actually making the request the way you think you are, or the OPTIONS check is either failing with a 404, or the foreign resource is returning a 404.