$removeparam causes that preflight request is blocked

[AdamWr]

Steps to reproduce

1. Add this rule:

||api.github.com^$removeparam=abc,xmlhttprequest

2. Go to - https://example.org/
3. Run this script in console:

(() => {
  const myHeaders = new Headers();
  myHeaders.append('Content-Type', 'application/zip');
  const myRequest = new Request('https://api.github.com/?abc=test', {
    method: 'GET',
    headers: myHeaders,
    mode: 'cors'
  });
  fetch(myRequest).then(response => {
    return response.text();
  }).then(text => {
    console.log(text);
  }).catch(e => {
    console.log('Error: ', e);
  });
})();

If $removeparam rule is added then request is blocked.

Access to fetch at 'https://api.github.com/?abc=test' from origin 'https://example.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

Screenshot

If rule is disabled then request is not blocked.

Screenshot

I'm not sure if it's a bug or CoreLibs limitation, but it seems that this issue doesn't occur with extension.

[sfionov]

Yes, we shouldn't redirect preflights but strip parameters on the fly.