Hi, welcome to the forums!
It looks like you’re setting no-cors on the request payload which means that you’re not able to access the response body or headers. Can you turn off no-cors and take a look at the response headers and body and share them here, or through DM if they have sensitive information. The response headers will tell us if the Backend Function is setting CORs correctly.