I made an account just to reply in hopes to help those of you who were stuck on the same CORS rejection error like me (for days...).

Error: CORS ERROR: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

Yes, I had the vercel.json config file include all the right headers as seen above. But I kept getting the same error.

My backend solution was astoundingly simple. I added:

if (req.method === 'OPTIONS') {
    // Handle the preflight request
    res.setHeader('Access-Control-Allow-Origin', '*'); // Allow all origins or specify specific origins
    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization'); // Allow specific headers
    res.status(200).end(); // Respond with 200 OK and terminate the response
  } else {
    // Your serverless function here
  }

Not sure why explicitly stating the headers like this worked.