[BUG] CORS configuration missing allowed header

The allowed header is missing: Content-Type causing such error:

Access to fetch at 'https:///api/entitlements/v2/groups ' from origin '' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.