Added HTTP domain (and tried with '*' ) in "allowedOrigins" attribute of /settings/system (POST) API.

Getting Error "Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response."

If i remove "Access-Control-Allow-Origin" header from request, it throws "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access." error

Can we add "Access-Control-Allow-Origin" in response "Access-Control-Allow-Headers" through some rest API?

Scenario : "Implementing SSO with JWT"

Thanks.