CORS Request through JavaScript: No 'Access-Control-Allow-Origin' header is present on the requested resource

I am getting the following CORS error in the console. I configured the tomcat Server web.xml and tried to play around with the request headers.. Still no luck and I get the same error.

Failed to load https://api.beeline.com/company/foundational/GetToken: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://server:8080' is therefore not allowed access. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

    <script> 

Const uri = 'https://api.beeline.com/company/foundational/GetToken';

        let h = new Headers();

        h.append('Access-Control-Allow-Origin', '*');

        h.append('ClientID', '***********');
        h.append('ClientSecret', '***************');
        h.append('UserAPIKey', '*************');
        h.append('Username', 'user');
        h.append('Accept', '*/*')

        let req = new Request(uri, {
            method: 'GET',
            headers: h
        });


        fetch(req)
            .then ( (response) => {
                if(response.ok){
                    return response.json();
                }else{
                    throw new Error();
                }
            })
            .then ( (jsonData) => {
                console.log(jsonData);
            })
            .catch( (err) =>{
                console.log('ERROR:', err.message);
            });
    </script>

I configured the Tomcat web.xml to include filter and still no luck.

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,PUT,DELETE,HEAD,OPTIONS</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>Content-Type,X-Requested-With,Accept,Authorization,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposed.headers</param-name>
        <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern> /bia/* </url-pattern>
</filter-mapping>

General

Request URL: https://api.beeline.com/company/foundational/GetToken
Request Method: OPTIONS
Status Code: 200 OK
Remote Address: 45.45.56.***:**
Referrer Policy: no-referrer-when-downgrade

Response Headers:

        Access-Control-Allow-Headers: access-control-allow-origin,clientid,clientsecret,userapikey,username
Access-Control-Allow-Methods: GET
Connection: Keep-Alive
Content-Length: 0
Date: Thu, 11 Oct 2018 19:47:18 GMT

Request Headers:

Provisional headers are shown
Access-Control-Request-Headers: access-control-allow-origin,clientid,clientsecret,userapikey,username
Access-Control-Request-Method: GET
DNT: 1
Origin: http://server:9001
Referer: http://server:9001/bia/apiTest.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36