CORS issue in recent versions

[joshco]

While trying the current branch of hal browser, I'm noticing CORS errors when going across site.

XMLHttpRequest cannot load http://foo.bar.baz/api/v1/. A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://haltalk.herokuapp.com' is therefore not allowed access.

This works with an older version of hal-browser.
I notice issue #58 "Allow credentials for CORS requests" which seems to set the allowCredentials option in the hal browser client.

[AndersDJohnson]

Same issue here still, when requesting an HTTPS API.