Support Cross-Origin Resource Sharing #191
Description
It's a real pain that web servers refuse cross-origin requests by default. Without thinking about it, we block other web apps from using our APIs, block them from loading us in an iframe and modifying us, and doing all sorts of crazy magical things.
I would like tree to stand out and set a Cross-Origin policy to welcome everyone to do anything. It just doesn't make to block certain ways to access our public API.
Besides, XSS / man-in-the-middle / clickjacking et al are sometimes an easier way to create innovative proof-of-concepts than having to understand all of a project's internals and contribute prototypes to it.