We are trying to talk to the AppStoreConnect API via api.appstoreconnect.apple.com through a Chrome browser.
Unfortunately, the CORS preflight request is blocked and as a result you implicitly get the error message "has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource."
An example of a CURL OPTIONS request, where you can see that the response is a 401 HTTP status code, that should not be in this case.
curl -I 'https://api.appstoreconnect.apple.com/v1/apps/1206433997/appStoreVersions' \
-X 'OPTIONS' \
-H 'accept: */*' \
-H 'access-control-request-method: GET' \
-H 'origin: https://www.mysports.com'
HTTP/2 401
server: daiquiri/3.0.0
date: Thu, 12 Aug 2021 17:13:56 GMT
content-type: application/json
content-length: 350
strict-transport-security: max-age=31536000; includeSubDomains
x-apple-jingle-correlation-key: 7Y5RPIUSI4MNTO4KNTMVW46G2I
x-daiquiri-instance: daiquiri:38493001:pv50p00it-hyhk12043901:7987:21RELEASE130:daiquiri-amp-all-shared-ext-001-pv
The GET request should also return the Access-Control-Allow-Origin header, this should either be configurable or you allow everything by sending a wildcard * as value.
I could not find any references to CORS requests in the developer documentation.