The CORS headers need to be sent in the response from the server you're trying to access, not in the request headers sent by your Javascript. If the initiating party was able to control the headers, then they wouldn't serve any purpose.
The
Access-Control-Allow-Origin
header should specify
the origin, not the full URL. In this case, the origin would be
http://localhost:81
.
The
Access-Control-Allow-Headers
header is used to specify the name of the HTTP headers which can be sent. Specifying a URL for this header is invalid.
Cross-Origin Resource Sharing (CORS) - HTTP | MDN[
^]