I know perfectly fine what you mean here, but in the name of security, it's important to be precise.

All websites and browsers have CORS, one way or another, as CORS is the general concept. By default, only "same-origin" requests are allowed and "cross-origin" requests are disabled. But CORS is still there none the less.

What GitHub has done in this case, is add support for "cross-origin" requests.

Nitpicky maybe, but thought it'd be useful to add to avoid any confusion.