With CORS, before making a non-simple cross-origin request, a browser makes a "preflight" request to ask the server if it's ok to make the cross-origin request
Adding CORS rules to your bucket tells B2 which preflight requests to approve
CORS rules only affect B2 operations in their "allowedOperations" list. Every rule must specify at least one in their allowedOperations. So far, only the two upload and two download operations are supported.