I also had this same issue. I resolved it by removing 'no-cors' from javascript and adding the following in server side spring boot.
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity httpSecurity) throws Exception {
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
}
}