The CORS policy for the API is set this way for security reasons, so there’s no way to directly call the CF API from a browser.
If you want to use the API, you’ll need some sort of backend API yourself that calls the CF API since these don’t need to respect CORS headers.