httpNodeCors setting issue

I am using the following setting in my runtime settings file

httpNodeCors: {
origin: 'http://localhost:8080',
methods: "POST",
credentials: true,
}

However, from the frontend when I request the get the data at the node-red endpoint using withCredentials: true, with origin of http://localhost:8080

The frontend says that the request was blocked because the preflight responded with Access-Control-Allow-Origin: *

Does anyone have any ideas on why this is happening? Its like this setting isn't being set or is being overriden

Sorry I cannot provide code to reproduce, thanks in advance.