Normally you'll see this if you're posting from one domain to another or if you're posting from an http
source to an https
end point even on the same domain.
Have you tried setting this header?
Access-Control-Allow-Origin", "*"
Obviously using *
is a bit too broad and you'll want to narrow but see if that fixes your issue.