Experience Space UI runs as part of the Tridion Content Manager, since both the REST API and Experience Space UI are hosted under the same domain, there is no issue.
When we develop a NodeJs web application and make an AJAX request to Tridion REST API, it fails because of CORS - the request originated from a different domain name. (eg - web app running under http://localhost:8080 tries to make a request to http://tridion.sdldemo.com/api/ )
We are developing a Personal Blogging website using Tridion CMS. When someone creates a new blog article in our webapp, we need to make calls to Tridion Core Service REST API to create a component in the backend. The CORS issue is blocking us at the moment.
Hope this info gives bit more clarity on the submitted Idea
Can you please elaborate on what the problem is, exactly? Note that the Experience Space UI is a JavaScript client and it works with Core Service REST API without issues, so "ability to use with JavaScript client" seems to be too broadly stated.