CAUTION:
Allowing CORS from all domains is not the default or recommended behavior for the API. Be fully aware of the potential consequences before proceeding, including increased server load if the API is used often.
If you want to expose the API for external consumption from all clients, set the value of the Access-Control-Allow-Origin header to “*”; this allows requests to the API from any host. For example:
<add name="Access-Control-Allow-Origin" value="*" />
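To check a deployed configuration for the wildcard setting shown above, the following added example (not part of the original documentation or the product's own code) parses a config file and reports what its Access-Control-Allow-Origin entry permits. The sample config is constructed, and its enclosing IIS-style `<customHeaders>` elements and the `https://app.example.com` origin are assumptions, since the page shows only the `<add>` line.

```python
import xml.etree.ElementTree as ET

# Constructed sample config (not from the page). The enclosing elements are an
# assumption (IIS-style <customHeaders>); the page shows only the <add> line.
SAMPLE_WILDCARD = """<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Credentials" value="true" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""

# Same config with the origin pinned to one hypothetical HTTPS client.
SAMPLE_PINNED = SAMPLE_WILDCARD.replace('value="*"', 'value="https://app.example.com"')


def cors_headers(config_xml):
    """Return {lower-cased name: value} for every Access-Control-* <add> entry."""
    root = ET.fromstring(config_xml)
    headers = {}
    for node in root.iter("add"):
        name, value = node.get("name"), node.get("value")
        if name and value is not None and name.lower().startswith("access-control-"):
            headers[name.lower()] = value.strip()
    return headers


def audit_cors(config_xml):
    """Return a list of findings about the configured Access-Control-Allow-Origin."""
    headers = cors_headers(config_xml)
    origin = headers.get("access-control-allow-origin")
    findings = []
    if origin is None:
        return findings  # header not configured: nothing to report
    if origin == "*":
        findings.append("wildcard-origin: scripts on any site can read API responses")
        if headers.get("access-control-allow-credentials", "").lower() == "true":
            findings.append("wildcard-with-credentials: browsers refuse this pair")
    elif "," in origin or " " in origin:
        findings.append("multiple-origins: the header takes a single origin or '*'")
    elif not origin.startswith("https://"):
        findings.append("non-https-origin: " + origin)
    return findings
```

Run `audit_cors` over each environment's config during review; an empty list means the origin is pinned to a single HTTPS client.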