"Failed to load https://[site]/Api/Workflow/preview/workflows/?_=1523444398270: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://[site]' is therefore not allowed access. The response had HTTP status code 400."
This may occur when you follow this documentation:
Our developers identified this as an issue within the product.
Workaround for K2 5.0 customers
Remove the authorization header from the AJAX call, this will let the browser prompt you for the username/password.
See the below example which works for K2 5.0 and returns the result back into the body of the html.
However, we recommend upgrading the environment to K2 5.1 because the issue has been resolved in that version.