To add to J-H
's answer, and assuming you need some help with CORS, you should know that every host uses a CORS policy to determine who can (and can't) access their server directly
Your error is basically because your server's CORS policy is still defaulted to "denying" every direct XHR access. The way around this is to determine the endpoints on your server which will be available for external resources
It happens the best way to do this is to use the rack-cors
gem, as recommended by J-H
:)