Coloquei pra rodar o SGA v1.5 em container, num ambiente com docker swarm, cada aplicação num container separado, sendo sga, paneil e triagem porém eu estava obtendo erros ao tentar abrir tickets ou selecionar senhas na triagem, erro do tipo:

Access to XMLHttpRequest at 'http://domainx:port/api/distribui' from origin 'http://domainy:port'
has been blocked by CORS policy: Response to preflight request doesn't pass access control
check: It does not have HTTP ok status.

foi necessário alterar o arquivo novosga/public/index.php para incluir e/ou modificar o final do arquivo como segue:

de:

// response

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE");
header('Access-Control-Allow-Credentials: true');
header("Access-Control-Max-Age: 1000");
header("Access-Control-Allow-Headers: origin, x-requested-with, content-type");

$app->contentType('application/json');
$app->run();

para:

// response

// Handle CORS preflight requests
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    // CORS headers for preflight requests
    header("Access-Control-Allow-Origin: *");
    header("Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE");
    header("Access-Control-Allow-Credentials: true");
    header("Access-Control-Max-Age: 1000");
    header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization");
    
    // Send the proper response
    http_response_code(200);
    exit();
}

// CORS headers for actual requests
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE");
header("Access-Control-Allow-Credentials: true");
header("Access-Control-Max-Age: 1000");
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization");

$app->contentType('application/json');
$app->run();

Assim, consegui resolver o problema,