Over the Swagger UI configuration instructions (https://docs.bmc.com/docs/ars1908/using-the-rest-api-with-swagger-866352981.html) there are the following instructions 

You must enable CORS (Cross Origin Resource Sharing) on the AR System Server. The CORS headers are configured as Centralized Configuration settings

How to know which of the centralized configuration settings to modify?

This knowledge article may contain information that does not apply to version 21.05 or later which runs in a container environment. Please refer to Article Number 000385088 for more information about troubleshooting BMC products in containers.

To allow resource sharing without being restricted by CORS policies, please adjust the following 3 settings according to your environment needs. 

Access-Control-Allow-Headers: List of allowed headers you can use an * to allow any headers . More information on this here

Access-Control-Allow-Methods: List of HTTP Request Methods, REST API uses the following Methods: POST, GET, PUT, DELETE, OPTIONS or you can use * to allow all. More information on this topic here

Access-Control-Allow-Origin: List of origins that will have connectivity to the AR Server in http://server:port format.
if tomcat would connect to AR server using swagger and the URL is http://serverA.abc.com:8080/swagger-ui, the value for this configuration will be http://serverA.abc.com:8080.  As this setting is a list, several can be added separated by a comma eg: http://tomcatserver:8080, http://loadbalancer:8080. Even though using * is allowed it defeats the purpose of the CORS policies . For more information on this topic 

To do this you must open your centralized configuration in the AR System Configuration Generic UI form and select Component Name com.bmc.arsys.server.shared




Once you select the *; the configurations for that component must be added manually.

This screenshot shows a sample of valid settings



Once you set these up you can continue the steps over BMC documentation.