javascript – hapi.js Cors Pre-flight不返回Access-Control-Allow-Origin标头

我使用(Dropzone js)上传了ajax文件.它将文件发送到我的hapi服务器.我意识到浏览器发送了一个PREFLIGHT OPTIONS METHOD.但我的hapi服务器似乎没有发送正确的响应标题,所以我在chrome上遇到错误.
这是我得到的错误

XMLHttpRequest cannot load http://localhost:3000/uploadbookimg. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.

这是hapi js路由处理程序

server.route({
        path: '/uploadbookimg',method: 'POST',config: {
            cors : true,payload: {
                output: 'stream',parse: true,allow: 'multipart/form-data'
            },handler: require('./books/webbookimgupload'),}
    });

在我的理解中,hapi js应该从Pre-fight(OPTIONS)请求发送所有cors头.
不明白为什么不是

来自Chrome的网络请求/响应

**General**
Request Method:OPTIONS
Status Code:200 OK
Remote Address:127.0.0.1:3000

**Response Headers**
view parsed
HTTP/1.1 200 OK
content-type: application/json; charset=utf-8
cache-control: no-cache
vary: accept-encoding
Date: Wed,27 Apr 2016 07:25:33 GMT
Connection: keep-alive
Transfer-Encoding: chunked

**Request Headers**
view parsed
OPTIONS /uploadbookimg HTTP/1.1
Host: localhost:3000
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: POST
Origin: http://localhost:4200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/50.0.2661.87 Safari/537.36
Access-Control-Request-Headers: accept,cache-control,content-type
Accept: */*
Referer: http://localhost:4200/books/upload
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8

提前致谢

server.route({
    config: {
        cors: {
            origin: ['*'],additionalHeaders: ['cache-control','x-requested-with']
        }
    },path: '/upload',handler: function (request,reply) {

        ...
    }
});