Thank you for the additional information!

Also, adding after the Step 3., a good practice is checking if the domain is actually accessible with a tool like https://cors-test.codehappy.dev/