I tried removing the OPTIONS from Access-Control-Allow-Methods header, and it didn’t seem to make any difference.
I agree the HTTP 401 is the issue, but the webpage I am trying to connect with is the one that supposed to be sending the Authorization. On KeeWeb, I click on WebDav to specify the file path and credentials, I enter the info, then hit OK to connect. So is KeeWeb not sending the credentials?