CORS origin not working

[Sukii]

import json
urls = (
    '/api', 'api'
)

app = web.application(urls, globals())

class api:
      def POST(self):
           web.header('Content-Type', 'application/json')
           web.header('Access-Control-Allow-Origin', 'http://localhost:80')
           data = {}
           data["foo"] ="Hello"
           return json.dumps(data)

if __name__ == "__main__":
    app.run()

I am trying to use the default 8080 port of this http://localhost:8080/api from Apache http://localhost page in port 80. However, in the response web.py is not sending 'Access-Control-Allow-Origin' to the browser and I get

Access to fetch at 'http://localhost:8080/api' from origin 'http://localhost' has been blocked by CORS policy:
Response to preflight request doesn't pass access control check: 
No 'Access-Control-Allow-Origin' header is present on the requested resource.

[Sukii]

However, if the request is made from origin http://localhost:8080 then it works with following response headers:

Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: *
Content-Type: application/json

so it seems to work, but why do request from http://localhost or http://localhost:80 get blocked?

[xinthose]

This path (check_alive) works for me for GET requests. I could not get it to work with POST, so I do GET requests with the data in the URL instead.

class check_alive:
    def GET(self):
        try:
            web.header('Content-Type', 'application/json')
            web.header('Access-Control-Allow-Origin', '*')
            web.header('Access-Control-Allow-Credentials', 'true')

            return '{"status":"success", "response":""}'
        except Exception as e:
            logger.error(str(e))
            return web.internalerror('{ "message": "' + str(e) + '" }')