The CORS settings for Login API Endpoint are made in the portal properties.
Step-by-step guide
Proceed as follows to make the CORS settings for API login endpoints:
Open the portal properties ("Portal" > "Properties")
Select the "Security" entry.
Go to the tab "CORS settings for login endpoints"
en.uplanet.lucy.client.portalconfigurationmanager.SecurityPageSwingPropertyPage
Click on the 
icon.
A dialog box for entering the origin domain is displayed.
Enter the origin domain.
For the origin domain to be valid, the protocol, host, and port (optional) must be specified.
Click on "OK".
The origin domain is displayed.
Step-by-step guide
Proceed as follows to make the CORS settings for Application API endpoints:
Start the application.
Click the "API Endpoints" area.
Make sure that the API endpoints view is activated.
("View" > "API endpoints")
Select the endpoint for which you want to make the CORS settings.
You can also mark multiple endpoints and make the CORS settings for all marked endpoints at the same time.
Click on the 
icon.
The "API Settings" dialog box is displayed.
en.uplanet.lucy.client.appdesigner.viewpane.api.ApiEndpointCorsSettingsPage
Allow All Origins (*)
The "Allow All Origins (*)" option sets a wildcard as the origin, which allows access to the endpoints from all possible sources.
Use Whitelist
The whitelist can be used to allow endpoints to be called from individual sources. By default, an empty whitelist is selected. This allows the API endpoints to be called only from within the same domain.
Click the icon to create an entry in the whitelist.
Click on "OK".