Ok, but what kind of configuration must I make on the xs admin tools CORS page (picture) to achieve the "Access-Control-Allow-Originheader" in postman?
The Exposed Header section seems to have a bug, because I cant add there anything. Is that the reason why it is not working?