Testing API with javascript

Hello

I have production SuiteCRM and I wanted to do something with custom javaScript
I want to do it locally and when it works just push it to production
So what I did:

  1. setting up API credential
  2. testing it via Postman - works well
  3. created some js files and tested fetch API to my production SuiteCRM
  4. got CORS error trying to access my production SuiteCRM domain from localhost…

here is error
Access to fetch at 'https://mySuiteCRM.com/V8/module/...' from origin 'http://127.0.0.1' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I’m trying to do some ugly things like rewriting Header Access-Control-Allow-Origin to “*” in my apache2 by addingHeader set Access-Control-Allow-Origin "*"

but then I got a new error
Access has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.

My JS fetch look like

fetch('https://mySuiteCRM.com/V8/module/...',
    {
        method: 'GET',
        headers: {
            'Content-Type': 'application/json;charset=utf-8',
            'Authorization': 'Bearer MyAccessToken',
        }
  }

So maybe anyone knows how can I solve this?
My idea is how can I develop some thing locally when my suitecrm API is already deployed in production?
Sure it can be a way to use local SuiteCRM but if I also wana writer some separate service (it will be another domain name) using my SuiteCRM API ?