Cross-Origin Resource Sharing (CORS) allows AJAX requests to an API (endpoint) from a browser. Specific origin hosts can be set or all AJAX requests can be allowed.
If you want to allow more than one hosts to make AJAX requests to you REST endpoints, specify the hosts (URLs) separated by commas. To allow any host to send requests to an endpoint, use the star (*) wildcard.
To use Cross-Origin Resource Sharing for REST endpoints, follow these steps.
From the Home menu, select API Publishing.
In the Settings section, enable CORS by setting the slider to On.
Enter host URLs in the Allowed Origin Hosts field. Remember to separate each host address by a comma. Use the * wildcard to allow all hosts.
Click Update CORS settings.