Using Application Proxy for internal program which, after user inputs credentials, calls an API which is complaining because CORS cannot find the Access-Control-Allow-Origin header. 

Any ideas on how to either:

1 - Disable CORS on the API site.

2 - Auto add the header which is apparently stripped by Application Proxy