I was using this method to redirect to a payment vendor's secure site and it was working when on the classic forms designer, but when I switched to the modern forms designer I started getting flagged for cross origin.

Since the user has already interacted with a web request button to generate the payment URL I do not want to ask them to click a hyperlink in order to proceed, that is confusing UI design.

After the web request is executed by clicking the button provided when adding a web request to a form, we want to direct them to the payment vendor's website keeping the URL visible at all times rather than in an iFrame where they can not see the domain.

The vendor then will pass them back to the secure app.laserfiche.com website after payment is completed and they can always check their URL to see where they are.

The error is 

Cross-Origin Request Blocked:  (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 404.