Is it possible to attack the library from a domain other than the installation domain?

Hello, our installation is in an isolated domain and works perfectly. When we try to attack, through the library, the development always gives a cors error in prosody. Headers have been included, configured BOSH to accept cors. Always always http-bind throws a cors error.
The domain where we call the library shares the domain root with the parent.

Thanks in advance