There's no workaround for CORS - it's a standard way of protecting your server from random access. As @apnediving
mentioned, you can use the rack-cors gem to manage the CORS policy on YOUR SERVER
If you're relying on other servers for data, you'll have to update their CORS policies to allow you to connect to them. The CORS policy is just a gatekeeper for the "host" server
Essentially, all you need to do is permit a series of endpoints (urls) to allow access from third parties (typically through xhr
-- which is why you're receiving an error). From what I can see, you'll need to sort out accessing the third party API from your app - that's under the remit of the POS service provider