No matter which domain I pass in, I cannot get it to work. How do I whitelist a domain for CORS in salesforce?

My app is a simple idea - upload a picture and return a prediction to tell the user what the photo is... 

I am trying to test a picture against the pre-existing General Image Classifer dataset. When I try and upload the image, use an AJAX request to https://api.einstein.ai/v2/vision/predict in order to get a prediciton back, I am getting this error message Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.einstein.ai/v2/vision/predict. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Originally I thought it was because I was on Chrome using just and index.html file, yet even after deploying it to Heroku, I still cannot get it to work. 

Here is what my code looks like: 


```
$.ajax({
      url: 'https://api.einstein.ai/v2/vision/predict',
   //   beforeSend: function(request) {
       // request.setRequestHeader('Authority', authorizationToken);
    //  },
      method: 'POST',
      data: {
        sampleContent: `@${file}`,
        modelId: 'GeneralImageClassifier'
      },
      cache: false,
      contentType: 'multipart/form-data',
      crossDomain: true
      // 'Access-Control-Allow-Methods': 'POST',
      // 'Access-Control-Allow-Headers':
      // 'Origin, X-Requested-With, Content-Type, Accept',
      headers: {
        Authorization: '',
        'Cache-Control': 'no-cache',
        'Content-Type': 'multipart/form-data',
        'Access-Control-Allow-Credentials': true
      }
```



HELP! :)

No matter which domain I pass in, I cannot get it to work. How do I whitelist a domain for CORS in salesforce?