When getting data from DNN/2sxc while running JS on your local PC, the browser will regard this as an unsafe operation, because the domains don't match. So it will first run CORS preflights to verify this is ok. Here's how to activate it: 

  1. 2sxc 9.43+ is able to handle this automatically. Activate the feature called WebApi Options Allow Local
  2. For older installations or if you're not using 2sxc, you need to set up CORS requests in the web.config manually