Receiving a CORS issue when requesting an access token

I am writing a Workspaces widget that needs access to the customer journey API. I first need an access token that I'm getting from

Although I can call this fine from Postman, if I use it in a widget I'm getting CORS issues:

No 'Access-Control-Allow-Origin' header is present on the requested resource

Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.

Request header field access-control-allow-methods is not allowed by Access-Control-Allow-Headers in preflight response

I have tried using your documentation at : https://developers.avayacloud.com/avaya-experience-platform/reference/postgeneratetoken, but it doesn't give any details on the CORS headers required so as it stands your APIs are unusable!

Please give me details of the request headers required to resolve this issue!