Make sure you emit the headers on the OPTIONS pre-flight request. You don't need to emit it on GET or POST requests, you're allowed to emit them but it doesn't do anything.
Before the actual POST request is made your browser will issue a pre-flight request that is an OPTIONS request.
if ($_SERVER['REQUEST_METHOD'] === "OPTIONS") {
// emit CORS headers
exit;
} else {
// regular request
}