How to enable CORS for method GET for a specific domain in my VTEX admin

I'm getting the following error:

XMLHttpRequest cannot load http://tottoqa.vtexcommercestable.com.br/api/checkout/pub/orderForm. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://totto-lab-site.s3-website-us-east-1.amazonaws.com' is therefore not allowed access. The response had HTTP status code 405.

when requesting a GET http from my angular app, so who can I enable CORS for my VTEX admin to enable the access?, thanks in advance.

@Christian Arturo Bohórquez García unfortunately you can't make a request to Vtex API directly from the browser. Because this way you will expose your authentication credentials. To perform this, you would need to develop a back-end server on which your website will make a GET on it and the server will make a GET to Vtex API.

Vtex has some libraries that you can use and receive some data, and then treat the response using angular.

Ex:

Https://github.com/vtex/vtex.js/tree/master/docs

@Mateus Augusto Saggin​ thanks for your answer, but I think my problem wasn't clear enough, I'm getting an 'Access-Control-Allow-Origin' error when I make a GET request from my angular app to the following Vtex URL: http://tottoqa.vtexcommercestable.com.br/api/checkout/pub/orderForm, in that request I'm not sending, neither obtaining any authentication credentials, I don't even have any session at all, I'm just making a GET request to obtain an XML or a JSON with the current CheckoutCart and OrderForm data.

If I paste the Vtex URL on a Chrome browser, I obtain exactly what I need as a XML answer with all the data, or if I test that URL with a GET request from PostMan I get exactly what I need as a JSON answer with all the data, BUT when I make a GET request from my Angular app, I get an 'Access-Control-Allow-Origin' error, I just want to obtain an answer like PostMan or like Chrome from my Angular app.

@Christian Arturo Bohórquez García I understand your question, however this is a security measure implemented by browsers to prevent fraud and unauthorized access to resources in other domains.

You can check more in this link:

Https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

But basically the problem is that Vtex doesn't send in the response header the Access-Control-Allow-Origin: * statement. The request is then blocked.