Getting CORS when adding subdomain to access

  1. I have added in access application
  2. In the same access app have policies allow emails and service auth for token
  3. In the same access app has added
  4. In, it will access with service token in header and here the CORS issue happen
  5. Removing from access app has no CORS issue happen

More context:

  1. The subdomains is tunneled using access tunnel
  2. The access app has CORS setup
  3. The will return CORS if given origin header

Why do access behave that way and what is sensible next step to try?