I really don't want to set up any server or install node.js on my PC just to fiddle around with that stuff.
Subscribing to this thread as I'm having the same issue. CORS is enforced by the browser client hence Postman works but Chrome etc don't.
Currently looking to implement a custom .NET web based client to do the REST calls but wouldn't need to if Access-Control-Allow-Origin could be specified on the BIG-IP!
Postman works, because it is basically a Node.js application. Because of that the CORS Policy does not apply.