It isn’t the browser being aggressive. It’s a protection called CORS (Cross Origin Resource Sharing) and you should configure your API to allow it.
There are likely loads of guides whatever language / framework you are using. Users shouldn’t need to disable CORS protections to use your site