I'm creating a backend web service using micro application from phalcon. I already set the CORS middleware just like the one inside the docs. It works fine with all the request I sent. Except when I add Authorization to the request header, for example like Authorization: fe7397b3c6d541ee1ac3f4e3b3bb223c... in my client application it shows an error like this:

I don't know what's causing this, I'm using Vue & Axios in my client application.

CORSMiddleware.php

<?php
namespace App\Middlewares;
use Phalcon\Events\Event;
use Phalcon\Http\Request;
use Phalcon\Http\Response;
use Phalcon\Mvc\Micro;
use Phalcon\Mvc\Micro\MiddlewareInterface;

/**
 * CORSMiddleware
 *
 * @property Request  $request
 * @property Response $response
 */
class CORSMiddleware implements MiddlewareInterface
{
    /**
     * @param Event $event
     * @param Micro $application
     *
     * @returns bool
     */
    public function beforeHandleRoute(
        Event $event, 
        Micro $application
    ) {
        if ($application->request->getHeader('ORIGIN')) {
            $origin = $application
                ->request
                ->getHeader('ORIGIN')
            ;
        } else {
            $origin = '*';
        }

        $application
            ->response
            ->setHeader(
                'Access-Control-Allow-Origin', 
                $origin
            )
            ->setHeader(
                'Access-Control-Allow-Methods',
                'GET,PUT,POST,DELETE,OPTIONS'
            )
            ->setHeader(
                'Access-Control-Allow-Headers',
                'Origin, X-Requested-With, Content-Range, ' .
                'Content-Disposition, Content-Type, Authorization'
            )
            ->setHeader(
                'Access-Control-Allow-Credentials', 
                'true'
            )
        ;
    }

    /**
     * @param Micro $application
     *
     * @returns bool
     */
    public function call(Micro $application)
    {
        return true;
    }
}

My Router

// Authentication Routes
$auth = new MicroCollection();
$auth    
    ->setHandler(AuthController::class, true)
    ->setPrefix('/v1')
    ->post('/login', 'login')
    ->get('/profile', 'profile');

$app->mount($auth);

// Handle Preflight Request
$app->options('/{catch:(.*)}', function() use ($app) { 
    $app->response->setStatusCode(200, "OK")->send();
});

Anybody have an idea of what's causing this? or how should I do it properly? thank you :)