When a client application is written in any of java script technologies like AngularJS, JQuery they use XMLHttpRequest. If they are doing a cross domain call to a OData service, they will be subjected to CORS, especially when any authentication is defined on the OData service.

A good write up CORS can be found here https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

Should OData as specification, recommend this to implemented on OData based services or leave it up to the service developer as implementation detail.