Now is 2017, when would DocumentDB support CORS?
Giordano Pellegri commented
you always need a permission key to update/access DDB as a first security level. The CORS help you to save money (proxy barriers) and improve the performance allowing direct connections between clients and DDB, yes this could open security issues but this is way CORS normally is configurable to grant the access only to specific domains and specific verbs (like GET).
Anyway CORS is already supported by other Azure services like Storage, so I hope it'll be supported also by DDB (https://msdn.microsoft.com/en-us/library/azure/dn535601.aspx)
Martin Svensson commented