I encounter this error when embedding a Threekit player:
Access to XMLHttpRequest at 'https://admin.threekit.com/api/cas/aac6c766-edd2-463a-889f-35ab1d24a55f?type=Node&bearer_token={TOKEN}' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
There are two things this may be, check the docs for Embedding the Threekit Player for reference.
Check that the script tag for the Threekit player matches your org environment. If you log in to Threekit at https://admin.threekit.com make sure your script tag is <script src="https://admin.threekit.com/app/js/threekit-player.js"></script>
Make sure that your auth token is correct and authenticates the URL you are embedding on. For example, this token will load a player on localhost:3000 but not 127.0.0.1:3000
