CORS is a browser mechanism that prevents unauthorized access to resources from external websites. Basically, servers send along headers that allow or prevent a client from loading files depending on where those clients are. Note that this is independent from Needle (it’s a basic mechanism of how the web functions).
In the example you shared here, it is what it is – Sharepoint is configured to NOT allow any external access by webpages to the resources it’s hosting. So, you can download those resources manually, but the server says that it is not allowed to request the resources from the epm.digital origin.
To fix this issue and allow loading the files, either the files need to be hosted somewhere else where CORS is allowed, or the Sharepoint instance needs to be configured to allow the demo.epm.digital origin (and/or other origins) to request files. Typically, there is a server-side configuration that can be made to allow specific origins (recommended) or wildcard origins (usually not recommended).