I am amending a website for a client and they are using a new API for their news. The news API comes from a separate domain so when I try to access I get CORS policy errors. I have said that I think they need to add the CORS Access Control header to the resource so the site can access it, but they said they don’t need to do that because the API is public.