Hmm, I just tried the contact page, and it does a POST to https://zoranstepanoski-prof-website.fly.dev/api/contact-messages, but since this is the same as the domain from which the site is served, no access-control-allow-origin should be required.
It sounds from your explanation above that one has to be in dev/local mode in order to bump into the CORS problem you’ve been experiencing; I guess your domains or ports are different between front and back. You could solve this by having a proxy in front of everything, and one that works the same regardless of environment. I’d recommend Traefik for this; you can run Traefik, your frontend, and your backend locally in Docker Compose, and maybe Fly Containers remotely. Since both envs will only have one port/domain each, all CORS problems will go away, and the custom JHipster code can be removed.
Traefik is very clever; it basically works by introspecting the kind of traffic you have, and sending it to the right container. It can automatically tell the difference between frontend serving, backend REST/GraphQL, Websockets, etc.