Как гласит
эта документация:
no-cors — ... In addition, JavaScript may not access any properties of the resulting Response. This ensures that ServiceWorkers do not affect the semantics of the Web and prevents security and privacy issues arising from leaking data across domains.
Для обхода CORS, используйте
JSONP, как описано в
документации ВК:
var script = document.createElement('script');
script.src = "https://api.vk.com/method/getProfiles?uid=66748&access_token=533bacf...&callback=callbackFunc";
document.getElementsByTagName("head")[0].appendChild(script);
function callbackFunc(result) {
console.log(result);
}