Scim2/Me endpoint response gives a CORS issue for a user in sub organization #23775

Open
@lakshithakasun

Description

It gives a CORS issue when calling the scim2/Me endpoint for a user who resides only in a sub organization. The same request, converted to curl/Postman, works. In the response headers, "Access-Control-Allow-Credentials: true" is present but "Access-Control-Allow-Origin: http://localhost:3000" is not present, which can be the cause of the CORS error.

Steps to Reproduce

  1. Create a standard web application in the super organization and share it with sub organizations
  2. Enable "code" grant flow
  3. Assign alternate subject identifier and select username
  4. Give necessary API authorization permissions and select Role audience as "Organization"
  5. Create a sub organization, create a user in that sub organization, and assign the needed roles/permissions
  6. Use a web application and send the authorize request (UI based)
  7. Go to "Sign In with SSO" and give the sub org name
  8. Obtain the token and, from the same web application, call the scim2/me endpoint using the token (JWT).
  9. A CORS issue will pop up. Now copy the curl from the scim2/me (GET) request and execute it using a terminal or Postman
  10. No errors will come up, and it will give the expected response with results

Similar issues
https://github.com/wso2-enterprise/asgardeo-product/issues/27744
#20187

Version

Reproducible in both IS 7.0 and IS 7.1

Environment Details (with versions)

No response
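
Added example, not part of the original issue and not WSO2 code: the Fetch standard's CORS check that a browser runs on a cross-origin response, applied to the header set described in the report. It shows why the browser blocks the response while curl and Postman, which do not perform this check, return it; the function names and the sample header objects are constructed for illustration.

```javascript
// Case-insensitive header lookup over a plain object of response headers.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return String(value).trim();
  }
  return null;
}

// The browser-side CORS check from the Fetch standard.
// credentialsMode is "include" for credentialed requests, otherwise "omit" or "same-origin".
function corsCheck(requestOrigin, credentialsMode, headers) {
  const allowOrigin = getHeader(headers, "Access-Control-Allow-Origin");
  if (allowOrigin === null) {
    return { allowed: false, reason: "Access-Control-Allow-Origin is missing" };
  }
  const credentialed = credentialsMode === "include";
  if (!credentialed && allowOrigin === "*") {
    return { allowed: true, reason: "wildcard accepted for a non-credentialed request" };
  }
  if (allowOrigin !== requestOrigin) {
    return { allowed: false, reason: "Access-Control-Allow-Origin does not match the origin" };
  }
  if (!credentialed) {
    return { allowed: true, reason: "origin matches" };
  }
  if (getHeader(headers, "Access-Control-Allow-Credentials") === "true") {
    return { allowed: true, reason: "origin matches and credentials are allowed" };
  }
  return { allowed: false, reason: "Access-Control-Allow-Credentials is not true" };
}

const ORIGIN = "http://localhost:3000"; // origin named in the report

// Constructed sample: the CORS headers the report says the sub organization response carries.
const reportedHeaders = { "Access-Control-Allow-Credentials": "true" };

// Constructed sample: the same response with the header the report says is absent.
const expectedHeaders = {
  "Access-Control-Allow-Origin": ORIGIN,
  "Access-Control-Allow-Credentials": "true",
};

// A missing Access-Control-Allow-Origin fails the check in every credentials mode.
console.log(corsCheck(ORIGIN, "include", reportedHeaders));
console.log(corsCheck(ORIGIN, "omit", reportedHeaders));
console.log(corsCheck(ORIGIN, "include", expectedHeaders));
```

The same function can be pointed at headers captured from the browser's network tab to confirm which condition of the check a given response fails.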
