This is possible fix for the a possible calls made from one application to your SharePoint side that is located in another domain.
In your SharePoint application add the following custom headers to enable requests from a different domain. Just change the header: Access-Control-Allow-Origin to point to the application who is making a call to your SharePoint application.
Also if you are making an AJAX call add the following parameter to the call:
xhrFields: { withCredentials: true }
Sample code:
jQuery.ajax({ url: requestUri, type: 'GET', dataType: 'json', headers: requestHeaders, xhrFields: { withCredentials: true }, success: function (data) { }, error: function ajaxError(response) { console.log(response.status + ' ' + response.statusText); } });
Other possible parameters for the AJAX call:
crossDomain: true
And for CORS support: $.support.cors = true;
A bit more detail can be found here in this post:
https://blog.kenaro.com/2014/03/18/cross-site-scripting-with-sharepoint-2013-rest-calls/