It is not enough to set CORS headers on the target server only. You also need to set the appropriate headers for the web server that serves your client-side HTML file.
Since you did not mention how you serve your client-side files, I can not post the right solution for you. But if you are using Apache httpd, you could put the following in the configuration or .htaccess
:
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, x-http-method-override, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"