CORS errors when executing remote jobs through API

I have remote execution of a job with parameters enabled and it is able to execute just fine if I curl it from the command line. However, I get a 403 CORS error when I try to execute the job from within one of our apps.
Error:

Access to XMLHttpRequest at 'https://jenkins.foo.com/job/barJob/buildWithParameters' from origin 'https://app.foo.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I’ve tried installing the CORS filter plugin here: https://plugins.jenkins.io/cors-filter/ and configured it like the following:

Access-Control-Allow-Origins: https://*.foo.com, https://app.foo.com
Access-Control-Allow-Methods: GET, PUT, POST, OPTIONS
Access-Control-Allow-Headers: Content-Type

I’ve also attempted to allow * as a wildcard for Access-Control-Allow-Origins to no avail. Is there anything else I need to do?

that doesn’t look right, it should be Access-Control-Allow-Origin (no s) which is a singular * or a uri, not both.

Thanks for the reply. If you look at the plugin page, that’s how it’s designed.

cool then that plugin is broken, and needs to be fixed, at least an issue needs to be reported via issue tracker.

You could put a web server infront of jenkins where you can set your own headers, or patch the plugin.