cant access public share via Ajax/XHR because your file server lacks CORS header

Given a read-only public share:
https://app.box.com/file/863575635687?s=1wjinjb1jf5gmukqzkrkxcqkrtkr5o2h

We need to access this via Ajax request, but your server provides no CORS header.
Would like to see
Access-Control-Allow-Origin: *
or a way to whitelist domains on file sharing, same as your App/API service offers.

Help?