Here is some further reading on the subject:
For security reasons, the Developer Center APIs do not support CORS and we do not advise customers to call the APIs directly from a browser since you are passing authentication information to our servers. Doing so would potentially expose your credentials to third party servers/websites. Alternatively, many customers create a proxy server as a workaround -- one user reports they added this to their proxy header("Access-Control-Allow-Origin: *"); We strongly recommend creating a proxy server.
We do not have specific recommendations since it varies by customer environment or software framework and suggest consulting the documentation of your framework.
Here’s a link to an article for further explanation on the CORS issue: