CORS Issue (maybe) - Authorization call GET (Sometimes?)

Background: I am attempting to implement Okta Authentication into an existing application (C#, Web API).

For a starting point, I looked for an example and ran:

The example worked fine. It runs on http://localhost:8080 and I entered into the web.config entered my Okta client id, secret, Redirect URI, etc…
I see an Authorization call to Okta is done once and it is an HTTP GET. All good.
Question #1: Even though it worked, why did I not have to enter http://localhost:8080 into the ‘Trusted Origins’ section which would I thought would of been needed to hit the Okta Authorization server?

My Problem

My app runs locally on
My hosts file allows my this to resolve (
Taking the Authentication code from what I learned in the example project, it WORKS for a while, and then stops working.
If I run in incognito, it never does and I get the following error. Also, after a while (still nailing down timing) it begins to not run in non-incognito mode.
In failing scenarios, I see the authorization call its an HTTP OPTIONS (what all of sudden triggers this?)
I get the following error when this call is made.

Failed to load Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '' is therefore not allowed access.

In the Okta Admin for my Authorization server, in an attempt to fix I added the following trusted origins:

Question #2: Simply looking for insight into why my custom app isn’t behaving as expected. Why is its authrorization call sometimes an OPTIONS call where Okta is not responding with the ‘Access-Control-Allow-Origin’ that I’m expecting. I believe I’ve added the proper trusted origins.

Again note, I was running my app for a while. I could see Okta claims, etc… Thank you for taking the time to help!