LaunchDarkly has updated its REST APIs to support Cross-Origin Resource Sharing (CORS), enabling users to directly build web pages that call the company's APIs without needing a server proxy. Authenticated CORS calls can be made using token or session-based authentication, with the latter requiring the xhr request's withCredentials property to be set as true. Additionally, for security reasons, all POST, PATCH, and PUT requests must include a Content-Type of application/json.