Header ‘authorization’ is not allowed according to header ‘Access-Control-Allow-Headers’

I am using keycloak (10.0.1) to secure the react app and spring backend.
I can get access token from keycloak. But when I am trying to get user info. I got this bug from CORS:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://example.com/auth/realms/myrealm/protocol/openid-connect/userinfo. (Reason: header ‘authorization’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response)

Does anyone have a suggestion for me or any advice?