REST API CORS problem for oauth/token endpoint

it seems rest api has CORS ‘allow all’ only enabled for /rest/** and not for /oauth/token endpoint. i can´t get passt chrome’s cors validation. on Postman its works fine, but POST from angular does not.
any thoughts?

Thank you for your feedback. We have created an issue: