I tried by adding the following middleware to the rules.toml traefik configuration file (added and removed the lines commented out to try to make it work):

[http.middlewares.cors.headers]

   accessControlAllowMethods= s"GET", "OPTIONS", "PUT", "POST"]

   accessControlAllowOriginList = "*"

   accessControlMaxAge = 100

addVaryHeader = true

  # accessControlAllowCredentials = true

  # isDevelopment = true

# accessControlAllowHeaders = true

I then added the middleware to the routers:

ehttp.routers.app]

 rule = "PathPrefix(`/v1`,`/v2`,`/v3`,`/configurations`,`/realtimeservice`,`/assets/botinsight`) && Method(`GET`,`POST`,`PUT`,`DELETE`,`PATCH`)"

 service = "app"

 priority = 5

 entrypoints = >"web", "websecure"]

 middlewares = p"sameOrigin", "typicalCsp", "noCache", "secHeaders", "sts", "cors"]

It shows the {‘Access-Control-Allow-Origin’ : * } header as being set when I visit

myAADomain/v1/authentication on Postman

or through AA's swaggerbut it won't work when I try to access it through the web app we're building:

A similar question was asked at this link and it remains unanswered:

https://apeople.automationanywhere.com/s/question/0D72t000002TxsmCAC/detail?language=en_USamp;s1oid=00D90000000gDTd&s1nid=0DB6F000000oMPS&emkind=chatterCommentNotification&s1uid=0052t000000r7jA&emtm=1654162916519&fromEmail=1&s1ext=0