Yii

How to properly configure yii2 CORS filter to work with Reakt?

Good afternoon.
We are trying to set up a cors filter for yii2 so that we do not have to make additional crutches.
Now it looks like this:

'corsFilter' => [
    'class' => Cors::class,
    'cors' => [
        'Origin' => ['*'],
        'Access-Control-Request-Method' => ['OPTIONS', 'GET', 'POST'],
        'Access-Control-Request-Headers' => ['Authorization,DNT,Keep-Alive,User-Agent,X-CustomHeader,X-Requested-With,If-Modified-Since,Cache-Control,Range,Content-Type'],
        'Access-Control-Allow-Credentials' => true,
        'Access-Control-Max-Age' => 3600,
        'Access-Control-Expose-Headers' => ['Content-Length,Content-Range'],
    ],
],

Despite such an extensive list of allowed headers, you still have to put a "stub" somewhere like:

public function beforeAction($action)
{
    \Yii::$app->response->headers->add('Access-Control-Allow-Headers', 'Authorization,DNT,Keep-Alive,User-Agent,X-CustomHeader,X-Requested-With,If-Modified-Since,Cache-Control,Range,Content-Type');
    return parent::beforeAction($action);
}

If we do not send additional headers, for some reason we get an error, for example, the last one:

Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response.

In this case, the question concerns only the json type of sending, with the form-data header is not required and skips quietly.
What and where should be configured in order not to make such stubs anymore?