I think you are seeing the difference between the browser making the REST call in the widget, and the server making the call in the microflow. The browser implements CORS, but the server doesn’t.
Is the REST endpoint something you’ve build in your application? If it is, have you looked at the CORS settings for your endpoint? https://docs.mendix.com/refguide/cors-settings
I solved it by creating the same REST points in Mendix, which simply re-call the REST in the desired location – this way there is no CORS error, and Mendix works just like a proxy.