You will get that if your angular app is a standalone app that is trying to to make REST calls to a server running on another domain. I see you are trying to access the hosted API. I will advice you setup your own radiology server and make REST calls to that server.
Isn’t this supposed to be an owa? Why does it seem like it’s a standalone web app?
Toolkit does not support CORS. So by default services out of the domain cannot access it’s API. I think there is a way to enable that from tomcat but that is by the way. In the first place you shouldn’t be having that error if you are building an owa and you have a local server setup. Your code should make REST calls to the server in which the owa is running not a remote server.
If that is an owa and you have a local radiology server running trying making the REST call to
Making tomcat/nginx start with CORS headers might be more work. The easiest and fastest way that I use is to close all instances of Chrome. And then start it with --user-dir --disable-web-security flags. Then it allows for cross-origin calls.
In the recent years, I am now of the opinion that demo servers are the only deployments where we should use these headers. In real implementations, one should never add those headers even on VPN connections.
This is only an intermediate problem for the next couple of months, where we will move to OAuth for FHIR OWAs during the summer.