API calls (PUT and POST) being blocked by CORS policy


I have a site where there are API calls being made to the backend. The PUTs and POSTs are being blocked a CORS policy. The message that Im seeing on the browser console is: Access to XMLHttpRequest at ‘{api-url}’ from origin ‘{site-url}’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I tried putting in an '‘Access-Control-Allow-Origin’ entry on my nginx configuration file and running the application again tells me that ‘‘Access-Control-Allow-Origin’’ already exists with my site name and cannot have multiple entries for ‘‘Access-Control-Allow-Origin’’.

I also followed the steps outlined in https://enable-cors.org/server_nginx.html. This also didnt fix the issue.

However, presently i have configured my site (I have a Pro account) for just ‘DNS Only’ and the site is working as expected. Im attaching screenshot of Firewall overview dashboard. Also I see an article https://developers.cloudflare.com/access/setting-up-access/cors/. If I need to follow this, where shouldi be going to make the changes that its suggesting?

Any help on direction will be appreciated. Thank you