The way i solved the cors issue atleast temporarily was to pass the content as a query param rather then in the headers. See if you can do that. And remove all headers in your get or post request. You could also pass it into the body as well.
I am using fetch from the browser to call the webhook.
Unfortunately if I try to pass the token in the headers it triggers a cors error despite all efforts to resolve it.
Hope someone here can figure this out.