Hi Matias. Thank you. Sorry I do not have much info on CORS implementation. However, what I know is that we cannot use the above implementation in browser as we will be exposing AppId, AppSecret and also the token which is not secure. I mainly use the above implementation on server side (i.e. either in an API or say an Azure function). The server side functionality will do all the hard work and provide us the required data. Hope this helps.

SharePoint developer at Content+Cloud.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store