CORS problem in SAP Mobile Services (CF)

Hi experts,

i have a problem with CORS in SAP Mobile Services. I have created a Mobile Service "App" with back-end connection via cloud connector and authentication with OAuth.

In my local envirment with a grunt proxy and from the mobile app (iOS) there are no problems. But in my webapp, which is also hosted in the SAP BTP (as MTA with local dir), i habe a CORS error.

I have added a new CORS config in my mobile services, that looks like that:

uri pattern: (.*)

allow credentials: true

origin: https://************.cfapps.eu20.hana.ondemand.com

methods: GET POST HEAD OPTIONS

headers: (all default)

In my webapp i become the same error as before:

Access to XMLHttpRequest at 'https://************.cfapps.eu20.hana.ondemand.com/oauth2/api/v1/token?grant_type=authorization_code&code=*******&client_id=*******' from origin 'https://************.cfapps.eu20.hana.ondemand.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Unfortunately the complete CORS config have no effect. Is there any other option to configure CORS?

Does anyone have any advice for me?