Cross-origin resource sharing (CORS) is a mechanism that allows a web page to make XMLHttpRequests to another domain. Such "cross-domain" requests would otherwise be forbidden by web browsers, per the same origin security policy.
This module provides a configuration page to map domains to paths and add the necessary Access-Control-Allow-Origin header.
Turn it on and visit /admin/config/services/cors