We checked it and noticed two unrelated issues:
(1) The first issue is very easy. Your script requires HTTPS based URLs. In your example links, you used HTTP and FTP based URLs. Please change to HTTPS based URLs.
(2) The second issue is indeed related with CORS headers. You don't need CORS headers to download files directly with a URL, or download files on DriveHQ.com or an embedded DriveHQ iFrame. In your case, you need to download a file hosted on DriveHQ from a 3rd party website using Javascript. DriveHQ does not require CORS headers; but your browser prevented Javascript from downloading files from another website without CORS headers. We have added two HTTP headers in the response:
Access-Control-Allow-Origin
Access-Control-Expose-Headers
It is working for you now. Please let us know if you have any more questions.