Not sure +1’s help that much. If it were volume of requests, I’d imagine they would have added mDNS long ago. But they ACK’ed so imagine it’s on a list…when, dunno.
X.509 is NOT needed for CORS. Just there’s a security consideration in how you’d use CORS, but you kinda need CORS working before moving on to X.509.
Basically, the issue with CORS is the client-side code needs to store the username/password SOMEPLACE. That could be memory (e.g. an HTML form field that’s not submitted with username/password) or the browser’s persisted “local storage”; both work without X.509. Other approaches too, but the REST password has to live someplace. But using an X.509 CLIENT-SIDE certificate would be a better way to authenticate with Mikrotik REST to AVOID needing a password. The build.sh etc. here can do this using NGINX’s X.509 support, just complex… You can read the comments in the build.sh etc., but it is complex.
But I’d recommend getting the basics working first, before messing with X.509.
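A sketch of the NGINX arrangement described above, added as an illustration and not taken from the build.sh in this thread: the proxy checks the browser's client certificate and holds the REST password itself, so the page's JavaScript never stores it. Hostnames, file paths, the allowed origin, the `/rest/` path and the credential placeholder are all assumptions.

```nginx
# Added example; every name, path and credential below is a placeholder.
server {
    listen 443 ssl;
    server_name rest-proxy.example.test;

    ssl_certificate        /etc/nginx/tls/proxy.crt;
    ssl_certificate_key    /etc/nginx/tls/proxy.key;

    # CA that issued the browser's client certificate.
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;
    # "optional" rather than "on": CORS preflight (OPTIONS) requests are sent
    # without credentials, which can include the client certificate, so the
    # handshake must not fail for them. Real requests are checked below.
    ssl_verify_client      optional;

    location /rest/ {
        # Credentialed CORS needs one explicit origin; "*" is not accepted.
        add_header Access-Control-Allow-Origin      "https://admin.example.test" always;
        add_header Access-Control-Allow-Credentials "true" always;
        add_header Access-Control-Allow-Methods     "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
        add_header Access-Control-Allow-Headers     "Content-Type" always;

        # Answer the preflight here; it never reaches the router.
        if ($request_method = OPTIONS) { return 204; }

        # Everything else must present a certificate signed by the CA above.
        if ($ssl_client_verify != SUCCESS) { return 403; }

        # The REST password now lives only in this file, not in the browser.
        proxy_set_header Authorization "Basic <BASE64_OF_USER_COLON_PASSWORD>";

        # Verify the router's own certificate on the upstream hop.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/router-ca.crt;
        proxy_pass https://router.example.test/rest/;
    }
}
```

On the browser side the request has to be made with `fetch(url, { credentials: "include" })` for the client certificate to be offered cross-origin. The config file then needs the file permissions you would give any stored password.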