As per documentation, localhost based on platform must be add in the server to fixed CORS issue. But based on this forum, In some way it might affect the security. Is it really true?
I was able to fixed my issue without adding localhost and use HttpNative, HttpNative has some limitation like form data, header body controls and etc. It drives me crazy and I know HttpClient will work expected without making a lot of changes than HttpNative.