Either you haven't deployed the CORS-enabled version to the server, or the API you've updated isn't the API you're calling.
Use your browser's developer tools to inspect the network request, and look at the response headers to check the
Access-Control-Allow-Origin
header.
Cross-Origin Resource Sharing (CORS) - HTTP | MDN[
^]
NB: The request works from Postman because it's not running within a browser, and is not subject to the cross-site request limits imposed on web applications.