For security reasons, browsers restrict cross-origin HTTP requests initiated from scripts. Only in a local environment does the REST API simulate CORS enabled.
If you are getting a warning about the cross origin headers then you will need to set it up.
If you simply want to enable but don’t want to add any code snippets, you can simply install CoCart CORS Support plugin.

Enable CORS

<?php
add_filter( 'cocart_disable_all_cors', function() { return false; });
For added security when you go into production. Set the Access-Control-Allow-Origin header to be more specific.

Single Domain Access

<?php
add_filter( 'cocart_allow_origin', function() { return 'https://example-store.com'; });