Hi,
I have never tried with golang. But I have used REST API’s calling in nodejs and javascript. I faced the same problem (CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ ).
But the same passes with POST MAN and not with code(using node js or javascript).
This problem is not with you, changes has to be made at the server side.