Is allowing corb is recommendable?

Our team was developing an android application using the ionic framework in angular js. We use the laravel framework in php for backend. In laravel, we use the passport package to provide API for the Front end team(Ionic Team).

When we try this every link is showing like

Cross-Origin Read Blocking (CORB) blocked cross-origin response with MIME type application/json. See for more details.

When we tried in POSTMAN application, yeah it works very well.
I have two questions,

One is how its work in postman and does not work when we preview the ionic app in Chrome or Firefox?

The second one is we searched and got a solution to add the header

header("Access-Control-Allow-Origin: *");

Is allowing this access is good practice? Would it do any harm in the future?(I am asking this question because someone already hacked my dummy sites database, which was completely the same practices)

Source: AngularJS