I couldn’t find any simple explanation of Cross-Origin Resource Sharing (CORS), so after digesting some large articles, I can summarize it like this:
CORS is something your browser implements for you to protect you while keeping the web functional. If your browser just allowed any webpage you are looking at to make requests to other websites, then evil people could add scripts to their websites that request “facebook.com” and steal your personal cookies. That would be bad. So your browser doesn’t let one website (like badguys.com) just make requests from your browser to sites like “facebook.com”. However, your browser is willing to make exceptions for servers that tell it that they’re cool with requests from other pages. So if “api.weather.com” is happy to take requests about the weather from anyone who asks (i.e. they don’t store personal cookies, so there is nothing to steal), they include special CORS headers that tell your browser it can send cross-site requests and everything is OK.
Basically, your browser takes care of all this and tries to keep you safe by only allowing sites you visit to request other sites if the other site tells your browser that they’re OK with it.
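To make the "other site tells your browser it's OK" step concrete, here is a simplified model of the check a browser applies to the response headers (an added example, not code from the original post). The function names, the allowlist and `https://partner.example` are assumptions for illustration, and preflight requests are not modelled.

```javascript
// Browser side: may a script running on `pageOrigin` read this response?
function browserAllowsRead(pageOrigin, responseHeaders, withCredentials) {
  const allowOrigin = responseHeaders["access-control-allow-origin"];
  if (allowOrigin === undefined) return false; // the server never opted in
  if (withCredentials) {
    // When cookies are attached the wildcard is not accepted: the server
    // must name the exact origin and also allow credentials explicitly.
    return allowOrigin === pageOrigin &&
      responseHeaders["access-control-allow-credentials"] === "true";
  }
  return allowOrigin === "*" || allowOrigin === pageOrigin;
}

// Server side, public API with nothing personal to steal: open to anyone.
function publicApiHeaders() {
  return { "access-control-allow-origin": "*" };
}

// Server side, site with logged-in users: opt in only for trusted origins.
function allowlistHeaders(requestOrigin, trustedOrigins) {
  if (!trustedOrigins.includes(requestOrigin)) return {}; // no CORS headers
  return {
    "access-control-allow-origin": requestOrigin,
    "access-control-allow-credentials": "true",
    "vary": "Origin", // caches must not reuse this response for other origins
  };
}

// Constructed sample origins for the walk-through.
const trusted = ["https://partner.example"];
const evil = "https://badguys.com";

console.log("weather API, no cookies:",
  browserAllowsRead(evil, publicApiHeaders(), false));
console.log("weather API, cookies attached:",
  browserAllowsRead(evil, publicApiHeaders(), true));
console.log("logged-in site, untrusted origin:",
  browserAllowsRead(evil, allowlistHeaders(evil, trusted), true));
console.log("logged-in site, trusted origin:",
  browserAllowsRead(trusted[0], allowlistHeaders(trusted[0], trusted), true));
```

The second case shows why a wildcard is safe for an API like the weather one: the browser refuses to pair `*` with cookies, so an open policy cannot expose a logged-in user's data.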