So, there is a way to allow JS API requests from domains other than where you Discourse is hosted.
For example, you’d like to embed a topic list that is a result of search by some criteria - and you want to do it with JavaScript only, making it call your Discourse’s API.
For this to work, you’ll need to enable Cross-origin resource sharing:
For a multi-site setup, you can also use a per-instance setting:
Now The Question: Are there ANY risks by enabling it?
Be it tiny, small, medium or large, may you elaborate please - which are the risks, drawbacks or other negative sides of enabling cross-origins for a particular domain.