Enable CORS for the WP REST API (and the REST API infrastructure now in WordPress core. Acronym all the things.
Warning: Experimental. It is not recommended you use this on live sites without understanding the implications of allowing access to your site from any host. If you wish to restrict the hosts that can perform CORS requests, the Access-Control-Allow-Origin can be modified to your requirements.