This works with Chrome and IE, but not Firefox(26).

The OPTIONS request returns status 200, but still Firefox does not send the follow-up POST request like Chrome and IE do.

Request Headers
OPTIONS ..
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST

Response Headers
Security
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:X-File-Upload content-type
Access-Control-Allow-Methods:POST OPTIONS
Access-Control-Allow-Origin:*

Both IE and Chrome send the follow-up POST method and everything works fine, but Firefox does not send the POST request. I know this because (a) I checked the net traffic in the Firefox debugger and (b) the server does not get the POST request.

Not sure this is relevant but here's some additional info:
X-File-Upload is a custom header needed for a commercial jQuery file upload package I am using
I am using jQuery ajax to make the POST requests

Is this a Firefox bug or am I doing something wrong? How do I even go about debugging this??

Any help or insights greatly appreciated. Thanks in advance.

The list of allowed headers / methods / ... have to be separated by commas, not by whitespace:

Access-Control-Allow-Headers: X-File-Upload, content-type
Access-Control-Allow-Methods: POST, OPTIONS

Although probably not problematic for your current use case, you should also look at the following two headers:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:*

Either remove Access-Control-Allow-Credentials: true, or set a non-wildcard Access-Control-Allow-Origin response header (e.g. http://example.com), because you cannot share credentials when a wildcard origin is used. ^{"The string "*" cannot be used for a resource that supports credentials."}