CORS issue

[lrcarvalho]

Is it possible to set the HTTP Header 'Access-Control-Allow-Origin' to '*' for every request? It will permits building mashups with api data from any domain (using JS libraries from any pages, for example)

[randelsr]

This is entirely still relevant. We've had to resort to running cors-anywhere for the past few years to get around this issue, but sure would be nice if the API itself allowed unrestricted CORS headers