CORS missing header

I am new to Istio and Oauth2.0 and I am trying to expose webapp to the internet using istio and adding authorization step using google. I have followed steps in this url “

Difference between my config and this one, is that mine has 3 services to be exposed not just one, one of them is qraphql using apollo server. when accessing the url from the graphql playground page opens, but with the below error and attached screenshot shows error on page itself:

Access to fetch at '{Google authentication URL}' (redirected from 'https://mysite/graphql') from origin 'https://mysite' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

anyone familiar with this issue?