If you are unfamiliar with CORS (Cross-Origin Resource Sharing), check out this excellent introduction
RESTar has built-in support for handling incoming CORS requests, and allows the administrator to set up a pre-defined list of whitelisted origins that should be allowed to make such request. For applications that accept whitelisting of CORS origins, the administrator can add such origins by including
<AllowedOrigin> nodes inside the root
<config> node of the XML configuration file.