Aws-sdk-js: When the createJob method of MediaConvert is executed in a browser, the "cors" error occurs.

Confirm by changing [ ] to [x] below to ensure that it's a bug:

• [x] I've gone through Developer Guide and API reference
• [x] I've checked AWS Forums and StackOverflow for answers
• [x] I've searched for previous similar issues and didn't find any solution

Describe the bug

I want to execute createJob method of MediaConvert, then I executed forllowing script in browser
The credential used at the time of execution is a temporary one issued by STS.

const res = await new AWS.MediaConvert({apiVersion: '2017-08-29'}).createJob(params).promise();

it’s occured following CORS error

Access to XMLHttpRequest at 'https://xxxxxxx.mediaconvert.ap-northeast-1.amazonaws.com/2017-08-29/jobs' from origin 'http://yyyyy.com' has been blocked by CORS policy: Request header field x-amz-security-token is not allowed by Access-Control-Allow-Headers in preflight response.

preflight request/responsee are below.

• Request

:authority: xxxxxxx.mediaconvert.ap-northeast-1.amazonaws.com
:method: OPTIONS
:path: /2017-08-29/jobs
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: ja,en;q=0.9
access-control-request-headers: authorization,content-type,x-amz-content-sha256,x-amz-date,x-amz-security-token,x-amz-user-agent
access-control-request-method: POST

• Response

access-control-allow-headers: Authorization,Content-Type,X-Amz-Content-Sha256,X-Amz-Date,X-Amz-User-Agent
access-control-allow-methods: OPTIONS,POST,GET
access-control-allow-origin: *
content-length: 8
content-type: application/json
date: Wed, 02 Sep 2020 04:39:19 GMT
status: 200

The access-control-allow-headers in the response header of a preflight request did not contain the x-amz-security-token.

But I use STS temporary credential, then I think it should is permitted using x-amz-security-token in request headers.

Is the issue in the browser/Node.js?
Browser

If on Node.js, are you running this on AWS Lambda?

Details of the browser/Node.js version
Paste output of npx envinfo --browsers or node -v

  Browsers:
    Chrome: 85.0.4183.83
    Firefox: 79.0
    Safari: 13.1.2

SDK version number
2.744.0

• For browsers, the SDK version number is in the script tag

  src=".../aws-sdk-2.466.0.min.js"

• For Node.js, get SDK version by
  
  
  
  • running command npm list aws-sdk from your root directory
  
  
  • printing the output of console.log(AWS.VERSION) in your code where AWS = require("aws-sdk");
  
  
  • if running on Lambda and using SDK provided by Lambda runtime, you can find the SDK versions here
  
  

To Reproduce (observed behavior)
Steps to reproduce the behavior (please share code or minimal repo)

AWS.config.update({
  credentials: valid_STS_TEMPORARY_credentials,
  region: "your-region"
})

AWS.config.mediaconvert = {
  endpoint: endpoint
};

var params = {
  "Queue": queue,
  "JobTemplate": jobTemplate,
  "Role": jobRole,
  "Settings": {
    "Inputs": [
      {
        "FileInput": "s3://my-bucket/my-file.mp4"
      }
    ]
  }
};

const res = await new AWS.MediaConvert({apiVersion: '2017-08-29'}).createJob(params).promise();

Expected behavior
CreateJob succeeds

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context
Add any other context about the problem here.