Browsers enforce "same-origin" access control unless the site explicitly allows cross origin requests (either via CORS or JSONP). So, if the site you are trying to access does not allow cross origin requests, then you cannot get the data directly from the site using only a browser. The browser is enforcing the same origin restrictions requested by the target site.
This is NOT security for a server at all as there are many ways around it. It only applies to one specific type of access from a browser (though that one specific type of access protection is useful).
This means to get the data into a browser you will need to use some sort of third party agent (other than the browser) that can get the data for you. The two most common ways of doing that are:
Your own server. You make a request of your own server to get some content from some other server. Your server then fetches the data from the other server and returns it to you in the browser.
A proxy server. There are some preconfigured proxy servers that are built just for doing what is described in option #1. You can either use a proxy service or install your own proxy server to do this for you or configure your own web server to have this capability.
So, you can't bypass cross origin restrictions from a cooperating browser. But, you can bypass them from a server. This is because CORs restrictions are implemented only in the browser. They aren't a server-enforced restriction. The browser asks the target server what CORs policies are in play and enforces them in the browser only. Some other server making a request to that server does not need to pay any attention to CORs policies.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…