Cross-origin requests are blocked in Tomcat 8 with HTTP status code 403

bekon · Jul 27, 2016 · Viewed 15.8k times

It may seem like a known issue, and many questions exist on the topic; however, my situation is very strange. I have a simple web application that is deployed on Tomcat 8.0.36. I have configured CORS properly:

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

The cross-origin requests are blocked by the browser:

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.mytestpage.com' is therefore not allowed access. The response had HTTP status code 403.

In the Tomcat log file I also see the response code of 403. What is interesting is that the code of my application is never executed in the case of cross-origin requests. The requests are blocked before reaching my application and a 403 is sent immediately. I have no Apache in front of Tomcat; it's plain Tomcat. I have tried many things, including whitelisting the origins and specifying allowed headers - nothing helped. I've also tried to set the header programmatically, until I found that the code is never executed in the case of a cross-origin request.

UPD: The endpoint accepts POST requests. Those POST requests are sent as XMLHttpRequests from the JS snippet.

Any ideas what it can be?

P.S. I can make successful same-origin requests.

Answer

bekon · Jul 28, 2016

I found what the issue was - I had to set the Content-Type header in the request, otherwise the request would be blocked. - Tomcat CORS filter
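
An added example, not part of the original answer and not Tomcat's source code: a simplified JavaScript model of a CORS filter's request-classification step, showing how a cross-origin POST without a Content-Type header can be answered with 403 before the application runs. The function names, the request shape and the rules are assumptions for illustration; the origin is the one quoted in the question.

```javascript
// Simplified model (an assumption, not Tomcat source) of how a CORS filter
// can classify a request carrying an Origin header before application code runs.
const SIMPLE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);

// Strip parameters such as "; charset=UTF-8" and normalise case.
function mediaType(contentType) {
  if (contentType == null) return null;
  return contentType.split(";")[0].trim().toLowerCase();
}

// req: { method, headers } with lower-case header names (constructed shape).
function classify(req) {
  const h = req.headers || {};
  const origin = h["origin"];
  if (origin === undefined) return "NOT_CORS";
  if (origin === "") return "INVALID_CORS";
  switch (req.method) {
    case "OPTIONS": {
      const acrm = h["access-control-request-method"];
      if (acrm === undefined) return "ACTUAL";
      return acrm === "" ? "INVALID_CORS" : "PRE_FLIGHT";
    }
    case "GET":
    case "HEAD":
      return "SIMPLE";
    case "POST": {
      const mt = mediaType(h["content-type"]);
      if (mt === null) return "INVALID_CORS"; // the case described on this page
      return SIMPLE_CONTENT_TYPES.has(mt) ? "SIMPLE" : "ACTUAL";
    }
    default:
      return "ACTUAL";
  }
}

// 403 when this classification step alone rejects the request; null when it
// does not (later checks, such as the allowed-origin list, are not modelled).
function filterStatus(req) {
  return classify(req) === "INVALID_CORS" ? 403 : null;
}
```

In this model a POST with an Origin header and no Content-Type is the only method/header combination classified as invalid, which matches the symptom in the question: a 403 with no CORS headers and no application code executed.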