In response to your CORS issue, this is also something that can only be solved on the backend. The server will tell the browser, for security reasons, which domains are allowed to send requests to it. Based on your response, it looks like https://mps.rutgers.edu (the target) does not allow HTTP requests from https://project.sas.rutgers.edu (the origin).