HTTP access control (CORS) purpose

For your own good.

If you disable CORS the following can happen:

I send you link to a page called hackfacebook.com for example. When you visit my page, I then request the facebook.com page using an AJAX request which if you are logged in returns the page content as well as your session cookie.

I now as the owner of hackfacebook.com have your login session.

As you can see disabling CORS is at your own risk as it can open up another attack.