Requests API has CORS

/api/v2/requests.json endpoints return status code is 200 but access-control-allow-origin header is missing and the console has "been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource." message.