为什么这个withAuth预检请求到未知端点返回401而不是404？

Question

为什么此预检失败请求会根据401 Unauthorized命令在Chrome开发工具而不是404 Not found中返回curl？

C:\Users\Qwerty>curl -v -X OPTIONS -u "xxxx:xxxxxx" -H "Origin: localhost" -H "Access-Control-Request-Method: GET"  -H "Accept: application/json;charset=UTF-8" -H "Content-Type: application/json;charset=UTF-8"  "https://d3qlrsv7e76o8i.cloudfront.net/marketszzz"
* timeout on name lookup is not supported
*   Trying 52.222.146.110...
* Connected to d3qlrsv7e76o8i.cloudfront.net (52.222.146.110) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=Washington; L=Seattle; O=Amazon.com, Inc.; CN=*.cloudfront.net
*  start date: Oct 20 00:00:00 2017 GMT
*  expire date: Jul 20 23:59:59 2018 GMT
*  subjectAltName: host "d3qlrsv7e76o8i.cloudfront.net" matched certs "*.cloudfront.net"
*  issuer: C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 3 Secure Server CA - G4
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* TCP_NODELAY set
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Server auth using Basic with user 'admin'
* Using Stream ID: 1 (easy handle 0x25da7c0)
> OPTIONS /marketszzz HTTP/1.1
> Host: d3qlrsv7e76o8i.cloudfront.net
> Authorization: Basic TE9MIE5PUEUgOik=
> User-Agent: curl/7.48.0
> Origin: localhost
> Access-Control-Request-Method: GET
> Accept: application/json;charset=UTF-8
> Content-Type: application/json;charset=UTF-8
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2.0 404
< content-length:0
< server:nginx/1.13.3
< date:Tue, 21 Nov 2017 16:16:16 GMT
< x-content-type-options:nosniff
< x-xss-protection:1; mode=block
< cache-control:no-cache, no-store, max-age=0, must-revalidate
< pragma:no-cache
< expires:0
< x-frame-options:DENY
< access-control-allow-origin:localhost
< vary:Origin
< access-control-allow-methods:GET,POST,PUT,DELETE
< access-control-allow-credentials:true
< access-control-max-age:86400
< allow:GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
< x-cache:Error from cloudfront
< via:1.1 bae3e24625567f5728a5caa96d6b7669.cloudfront.net (CloudFront)
< x-amz-cf-id:pP3lVpDMrQjsu24hO37awDAtToRTYOmUMjb9HPOVm_PLqXryBeEckg==
<
* Connection #0 to host d3qlrsv7e76o8i.cloudfront.net left intact

如果我删除触发预检的标题，我会得到404的正确状态。

<小时/> 相关：How to get the status code of a CORS http failed preflight requets