Cross-Origin Resource Sharing (CORS) provides a mechanism for browser-based applications to make requests to a resource in another domain. With CORS, a programmer can continue to use a regular XMLHttpRequest. It is an alternative to the JSONP pattern, which forces the programmer to write a callback function. With that pattern, cross-site scripting (XSS) issues may happen, and JSONP supports only the HTTP GET verb.
In API Gateway, HTTP listeners can be configured to support CORS to selectively allow access by web applications running in other domains. Please see the following policy setup for CORS.
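The selective origin check that a CORS-enabled listener has to perform, sketched as an added example: this is not API Gateway's policy configuration or code, and the `corsHeaders` function, the `policy` field names and the example.com origins are hypothetical, constructed for illustration.

```javascript
// Added example: hypothetical allowlist policy, not API Gateway configuration.
const policy = {
  // Constructed sample origins.
  allowedOrigins: new Set(["https://app.example.com", "https://admin.example.com"]),
  allowedMethods: ["GET", "POST", "PUT"],
  allowedHeaders: ["content-type", "authorization"],
  allowCredentials: true,
  maxAgeSeconds: 600,
};

// Returns the CORS response headers for a request, or null when the request
// is refused (without the headers the browser blocks the cross-origin read).
function corsHeaders(req, policy) {
  const origin = req.headers["origin"];
  // No Origin header (same-origin or non-browser client): no CORS headers needed.
  if (origin === undefined) return {};
  // Exact string match only: no substring or regex matching, and the literal
  // "null" origin is refused because it is not in the allowlist.
  if (!policy.allowedOrigins.has(origin)) return null;

  const headers = {
    // Echo the single matched origin; "*" cannot be combined with credentials.
    "Access-Control-Allow-Origin": origin,
    // The response differs per origin, so caches must key on it.
    "Vary": "Origin",
  };
  if (policy.allowCredentials) headers["Access-Control-Allow-Credentials"] = "true";

  // Preflight: an OPTIONS request carrying Access-Control-Request-Method.
  const wantMethod = req.headers["access-control-request-method"];
  if (req.method === "OPTIONS" && wantMethod !== undefined) {
    if (!policy.allowedMethods.includes(wantMethod)) return null;
    const wantHeaders = (req.headers["access-control-request-headers"] || "")
      .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
    if (!wantHeaders.every((h) => policy.allowedHeaders.includes(h))) return null;
    headers["Access-Control-Allow-Methods"] = policy.allowedMethods.join(", ");
    headers["Access-Control-Allow-Headers"] = policy.allowedHeaders.join(", ");
    headers["Access-Control-Max-Age"] = String(policy.maxAgeSeconds);
  }
  return headers;
}
```

Header names in `req.headers` are assumed to be lower-cased, as Node.js delivers them.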