CORS policy problem: Access-Control-Allow-Origin

In security you have:

cors": {
    "enabled": false,
    "headers": "*"
  },

It should be enabled