Bamboo version: 7.0.2
OS: RHEL 7.5

I have been attempting to make a separate HTML5 webpage for quick information consumption about the state of deployments (finished, failed, current release, etc) from Bamboo by using the REST API, but for the life of me cannot get anything to come through a request. Getting the information straight from the REST url works like a charm, but when it comes to using that in a fetch() or XmlHttpRequest, it's always blocked; I'm not sure if it's server-side or client-side that has the wrong configuration. 

I've tried the configurations from this infamous topic and the links in it as well: https://community.atlassian.com/t5/Bamboo-questions/How-to-enable-CORS-on-Bamboo/qaq-p/429651 and they haven't helped at all.

Trying to use the third-party CORS filter in the WEB-INF/lib results in a catastrophic failure to start (the information is for JIRA anyway- Bamboo doesn't have a whitelist in the UI?).

The conf/web.xml changes are very much a hit and/or miss for what actually is needed for it to work. In my current version, I just place about everything to see what would have an positive effect on getting the information.

In conf/web.xml:

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>http://127.0.0.1:8887</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET, POST, HEAD, OPTIONS, PUT</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.headers</param-name>
    <param-value>Accept, Authorization, Origin, Content-Type, X-Requested-With, Cookie, Access-Control-Allow-Headers, Access-Control-Request-Headers, Access-Control-Expose-Headers</param-value>
  </init-param>
  <init-param>
    <param-name>cors.exposed.headers</param-name>
    <param-value>Access-Control-Allow-Origin, Access-Control-Allow-Credentials</param-value>
  </init-param>
  <init-param>
    <param-name>cors.support.credentials</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>cors.preflight.maxage</param-name>
    <param-value>1800</param-value>
  </init-param>
  <init-param>
    <param-name>cors.support.credentials</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>

<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

In main.js:

var headerInfo = new Headers();
headerInfo.append("Origin", "http://127.0.0.1:8887");
headerInfo.append("Content-Type", "application/json");
headerInfo.append("Authorization", "Basic abcde12345");

var requestOptions = {
  method: 'GET',
  headers: headerInfo,
  redirect: 'follow',
  mode: 'cors'
};

fetch("http://localhost:8085/rest/api/latest/deploy/environment/1015809/results?expand=results.result&max-results=1", requestOptions)
.then(response => response.text())
.catch(error => console.log('There was an error!', error))
.then(result => console.log(result));

I've tried this locally and on my existing server before, but still without any luck.

Is there a clear configuration guide for a default Bamboo installation that enables server-side CORS correctly so I can utilize the REST API? Or has someone else gotten this to work in the (recent) time with a newer version?