Axios: Cannot make call to API with Basic Auth

I'm trying to issue a CORS get request in Vue via axios. Everything works well so far, but if I need to authenticate via basic auth, I cannot get it to work.

Heres my code

getData: function() {
  let vm = this; // assign vue instance to vm

  axios.get('url', {
    withCredentials: true,
    auth: {
      username: 'name',
      password: 'pass'
    }
  }).then(function(response) {
    console.log(response)
  }).catch(function(error) {
    console.log(error)
  }) 
}

Even though I entered the credentials, as well as the url correctly, I always get a 401 response. It looks like this.

HTTP/1.1 401 Authorization Required
Date: Wed, 01 Feb 2017 16:23:31 GMT
WWW-Authenticate: Basic realm="'Realm'"
Content-Length: 499
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

The raw request looks like that

OPTIONS 'url' HTTP/1.1
Host: 'host'
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: GET
Origin: http://localhost:9000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.76
Safari/537.36
Access-Control-Request-Headers: authorization
Accept: */*
DNT: 1
Referer: http://localhost:9000/pages/blog_cc/blog_cc.html
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: de,en;q=0.8

What am I missing? With Postman and the exact same credentials, everything works like a charm. Even in Chrome directly.

I saw that this question was already asked a few times, but all the posed answers on other threads are no solution for me. I cannot issue the request from node, for example.

Edit: I also tried issuing a request with vanilla JS, also to no avail. It seems the problem lies in the backend. Here's my code, nevertheless.

let xml = new XMLHttpRequest();
xml.open('GET', api, true);
xml.setRequestHeader('Authorization', 'Basic: ' + btoa(user + ':' + pass));
xml.send();

It actually is a CORS request, thanks, I totally forgot mentioning that! But even with withCredentials: true, the error stays.

Does the OPTIONS request fail or the follow on GET?

I don't really know, as it's my first time working so closely with REST. But in my console, first, I see OPTIONS 'url' 401 (Authorization Required) and then XMLHttpRequest cannot load 'url'. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access. The response had HTTP status code 401.. But the second message is weird, since Access-Control-Allow-Origin should be set to "*". How can I further investigate this?

Yeah, that message from the backend can hide a variety of things in my experience, you also need to allow the backend to receive the Authorization header, this will probably throw up wildcards not being allowed with an auth header, so you may then need to either a) hard code the allowed url, or dynamically use the referrer.

Thank you very much! I'll share this with the backenders in my team! But how is it, that requests in Postman and Chrome go through?

Because Postman doesn't make the OPTIONS request it operates without CORS. So it will just be sending a GET.