Make sure you've configured CORS access in Unleash admin UI settings as defined in the Unleash CORS Policy docs. These settings can be changed in the Unleash Dashboard under Settings -> CORS Origins or by using the API. Allowing all origins (using a single asterisk) will address this matter and is a great starting point when troubleshooting the behavior.
When receiving "No 'Access-Control-Policy' header is present on the requested resource", using the command curl -I https://<host>/<endpoint> will allow us to verify that the response includes the header Access-Control-Allow-Origin: *.