OK. I got it fixed. Here is what I have found for the next person who has this problem. In order to send a message from a browser to CI on a server via XMLHTTP, you need to set
xhr.setRequestHeader("X-REQUESTED-WITH",'xmlhttprequest');
Otherwise $this->input->is_ajax_request() will not recognize the request as ajax. But if you include X-Requested-with in your header, then your browser will send the message as OPTIONS which means it first sends a preflight request. You server code need to ignore that pre-flight which is easy since $this->input->is_ajax_request() will not return a true for a preflight. I also added the following to the .htaccess
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "Accept,Authorization,Content-Type,Origin,X-Requested-With"
Header set Access-Control-Allow-Methods "GET, POST, PATCH, PUT, DELETE, OPTION"
Header set Access-Control-Max-Age: 86400
The bottom line is that although I didn't want a preflight I was forced to deal with it because of the X-REQUESTED-WITH requirement of is_ajax_request().
proof that an old dog can learn new tricks