Cross origin resource sharing (CORS)
When a browser is asked to get a piece of data from a resource on another domain the browser will take some security measures.
First it will send an OPTIONS request to the resource and checks if the resource returns with an header called: Access-Control-Allow-Origin.
This header should contain a value equal to the domain that the user is visiting on the browser. If these are not equal the browser will not send the actual request to the resource. These security measures protect the user from malicious resources that are being called by the website that is being visited.
More information about CORS can be found here.
Request CORS in Multivers Online
The WebAPI makes use of a database table called WEBAPI_CORS. This table contains 2 columns. Origin and note. After you add a domain to the origin column the WebAPI will sent that domain within the Access-Control-Allow-Origin header when an options request is being made from a browser visiting that domain. The note table can be used for extra comments. The WebAPI does nothing with this value.