If you are unfamiliar with CORS (Cross-Origin Resource Sharing), check out this excellent introduction

RESTar has built-in support for handling incoming CORS requests, and allows the administrator to set up a pre-defined list of whitelisted origins that should be allowed to make such request. For applications that accept whitelisting of CORS origins, the administrator can add such origins by including <AllowedOrigin> nodes inside the root <config> node of the XML configuration file.