As you probably know, we love to use Neos in our projects. The following Flow Framework Component enabled CORS for the entire application.
If enabled, CORS (Cross-origin resource sharing) allows a web page to use resources from another domain which are usually restricted. When you develop a web application on your local machine you often need CORS even if the production web page does not.
In order to enable the component you have to edit your Settings.yaml accordingly. So you can allow CORS in development settings only if you want to. Use the environment variable of the code example or inline the value.