Kein 'Access-Control-Allow-Origin'-Header vorhanden, obwohl DISCOURSE_ENABLE_CORS: true gesetzt ist

And for our single site setup setting origin in .yml vs. the admin ui should have the same effect per: What is the purpose of Settings -> Security -> CORS origins vs similar environment setting?