When I had problems with Cors I use overload of methods in my SuperClass to solve this problem.

ClassMethod HandleDefaultCorsRequest(pUrl As %String) As %Status [ Private ]
    Do %response.SetHeader("Access-Control-Allow-Origin","*")
    Do %response.SetHeader("Access-Control-Allow-Credentials","true")
    Do %response.SetHeader("Access-Control-Allow-Methods","GET, PUT, POST, DELETE, PATCH, OPTIONS")
    Do %response.SetHeader("Access-Control-Allow-Headers","Access-Control-*, Content-Type, Authorization, Accept, Accept-Language, X-Requested-With, Origin")
    Quit $$$OK

Try to acess in your local machine this folder. There are some examples to acess the database.