Hi Evelio,
Usually, a CORS error is a sign that the external system needs to be added to the
"rest.cors.allowed-origins" setting on the backend (in your dspace.cfg or local.cfg). This setting defines which "clients" (or external sites/systems) are "trusted" by the backend and allowed to authenticate via the REST API in a web browser.
So, my best guess is that you may need to modify that setting to add the "origin" URL that was blocked. This setting can have multiple values as noted in the docs linked to above.
Tim