We have a web application that authenticates with K2 Cloud using OAuth. The application domain is listed in the allowed domains for CORS in the Workflow REST API settings, and we can successfully execute requests against the Workflow REST API from the web application. However, when executing OData requests to SmartObjects that have been exposed through the SmartObject OData settings, requests fail the preflight checks as it's "blocked by CORS policy".
The SmartObject OData API is configured correctly and the SmartObject has been exposed correctly, as exactly the same requests are successful through Postman. Is there any way to configure CORS settings for SmartObject OData requests?