CORS issue in API call

Your software
My Mautic version is: Linux mautic 4.15.0-1044-aws #46-Ubuntu SMP
My PHP version is: PHP Version 7.2.19-0ubuntu0.18.04.2

Your problem
I am trying to make a call to the REST API to retrieve a form submission using JS. I am using basic authentication. I tested the access to the api with curl and works well.
CORS is enabled and the server URL is configured.

When I use it in JS I get the following error:
Access to XMLHttpRequest at ‘https://:@mautic.mysite.link/index.php/api/forms/8/submissions’ from origin ‘https://test.mysite.com’ has been blocked by CORS policy: Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.

This is the code:

    <script>
      
        var request = new XMLHttpRequest();
      
        request.open('GET', 'https://mautic.mysite.link/index.php/api/forms/8/submissions', true, "<user>", "<password>");
        request.setRequestHeader("Access-Control-Allow-Origin","*");
    
        request.onload = function() {
            alert("loaded!");
            document.getElementById("result").innerHTML = "Ok!";
        };
    
    request.send();
    </script>