In the end, it became clear that the F5 required authentication to even hit the OPTIONS method of the URL (bad practice). Even if I was somehow able to inject authorization headers into the pre-flight check, the F5 returns a 502 bad gateway error.
Throwing in the towel, I've created a PHP server to handle all interaction with the F5. While PHP was the proper architecture to begin with, it's still a bummer that the REST interface will not allow pre-flight checks.
If this changes or someone has an example of this working, please comment.