Customer Account UI extension CORS issues

Hi all,

I created a Shopify app with a Customer Account UI extension. From that extension, I'm trying to call an endpoint of my main app as I need to execute so code in the back-end of my app but I'm getting CORS issues.

I updated the endpoint of my main app to return the following headers:

"Access-Control-Allow-Origin": "https://extensions.shopifycdn.com"
"Access-Control-Allow-Methods": "GET, POST, OPTIONS"
"Access-Control-Allow-Headers": "Content-Type, Authorization"

But I'm still getting the following error:

Access to fetch at 'https://my-app-url/auth/login' (redirected from 'https://my-app-url/api/getOrCreatePass') from origin 'https://extensions.shopifycdn.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

The endpoint I'm trying to get is /api/getOrCreatePass but it looks like I'm being redirected to /auth/login which gives me those CORS issues.

What can I do to fix that? Is it actually possible to call the main app's api from my Customer Account UI extension?