At work we have a few API services that are called from our clientside applications.
Most of these have some specific setups for our production, some of which are the CORS (Cross-origin resource sharing) headers that the API services provide, to ensure that the asynchronous calls are verified from our domains.
However, this also means it's a pain to test the API services, when called from JavaScript, as our setup requires the clientside requests to run from our development setup, meaning you can't test from your own workstation.
However, it's possible to disable the CORS enforcement in Chrome for instance, to avoid the CORS checks (but also, in the process, worsen your browser security), by starting Chrome with the following arguments (This is example is for a Mac, using a standard terminal):
open -a Google\ Chrome --args --disable-web-security
This will start Chrome without the CORS enforcement for the sessionm, and disable the CORS checks, allowing you to test cross-domain requests without the security issues. To enable CORS checks again, quit and restart your browser as usual.