The default “setting” does indeed prevent cross origin requests, but the API can also easily set its server to accept cross origin requests.
The default “setting” does indeed prevent cross origin requests, but the API can also easily set its server to accept cross origin requests.