We generally do this at inside our global.asax file if we are having a .Net app In the global.asax file we grab the options header and replace it with suitable headers to allow the CORS support.
So in your case too, the support has to be given from the API(Service end) end.
protected void Application_BeginRequest(object sender, EventArgs e)
{
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin",
"*");
if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
{
HttpContext.Current.Response.AddHeader("Cache-Control",
"no-cache");
HttpContext.Current.Response.AddHeader(
"Access-Control-Allow-Methods",
"GET, POST");
HttpContext.Current.Response.AddHeader(
"Access-Control-Allow-Headers",
"Content-Type, Accept");
HttpContext.Current.Response.AddHeader("Access-Control-Max-Age",
"1728000");
HttpContext.Current.Response.End();
}
}