Set Appropriate Headers: Include the Access-Control-Allow-Origin header?

in responses, and specify which domains are allowed to access the resources.