I can find a lot of examples demonstrating this with the SDK, but I think this is just usable if you connect from the outside to Splunk, isn't it?
I edited the server.conf to allow CORS (crossOriginSharingPolicy = *), but this is also not working. It seems like Splunk is adding the header "x-splunk-form-key" automatically to every request. Since the only allowed header for CORS regarding the REST API is "authorization" this request fails, because of a CORS violation.
I tried to remove the header for my request with things like...