Since the domains of the frontend and the backend differ, the browser will send a preflight check request to the backend for the REST calls, so this means the backend has to respond properly via CORS. In your case, do not touch the Apache or nginx configs (anyways nginx is the reverse proxy on Cloudron and changes won't persist).
The Laravel app then should respond with the correct CORS messages; however, I am no Laravel expert, so I don't know how this works with that framework.
Edit: if Laravel needs Apache settings, follow the docs at https://docs.cloudron.io/apps/lamp/#apache-settings
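
The preflight check described in the post above, as an added example that is not part of the original post: a simplified JavaScript model of how a browser judges the backend's answer to the `OPTIONS` preflight. The hostnames, the `checkPreflight` helper and the sample response are constructed for illustration, and `req.headers` is assumed to hold only the non-safelisted request header names.

```javascript
// Added example: simplified model of the browser's CORS preflight check.
// Hostnames and header values below are constructed for illustration.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);

function splitList(value) {
  return (value || "").split(",").map((s) => s.trim()).filter(Boolean);
}

// req: { origin, method, headers: [names], credentials: bool }
// res: { status, headers: { "lower-case-name": value } }
// Returns a list of reasons the browser would block the real request.
function checkPreflight(req, res) {
  const problems = [];
  const h = res.headers;
  const wildcardOk = !req.credentials; // "*" is only honoured without credentials

  if (res.status < 200 || res.status > 299) problems.push(`status ${res.status} is not 2xx`);

  const acao = h["access-control-allow-origin"];
  if (!(acao === req.origin || (acao === "*" && wildcardOk)))
    problems.push("Access-Control-Allow-Origin does not match the frontend origin");

  if (req.credentials && h["access-control-allow-credentials"] !== "true")
    problems.push("Access-Control-Allow-Credentials must be \"true\"");

  const methods = splitList(h["access-control-allow-methods"]);
  const methodOk = SAFE_METHODS.has(req.method) || methods.includes(req.method) ||
    (wildcardOk && methods.includes("*"));
  if (!methodOk) problems.push(`method ${req.method} not allowed`);

  const allowed = splitList(h["access-control-allow-headers"]).map((s) => s.toLowerCase());
  for (const name of req.headers.map((s) => s.toLowerCase())) {
    // Authorization must always be listed by name; "*" does not cover it.
    const byWildcard = wildcardOk && allowed.includes("*") && name !== "authorization";
    if (!allowed.includes(name) && !byWildcard) problems.push(`header ${name} not allowed`);
  }
  return problems;
}

// Constructed sample: frontend on one domain calling a REST backend on another.
const sampleReq = { origin: "https://app.example.com", method: "PUT",
  headers: ["Content-Type", "Authorization"], credentials: false };
const sampleRes = { status: 204, headers: {
  "access-control-allow-origin": "*",
  "access-control-allow-methods": "*",
  "access-control-allow-headers": "*" } };
console.log(checkPreflight(sampleReq, sampleRes)); // wildcard does not cover Authorization
```

An empty list means the preflight passes; running the same check against the headers your backend actually returns shows which one is missing before you change any server config.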