Added loose CORS support.

[smaragden]

I needed to add CORS header support to be able to communicate with the rest api from client web code. It could probably be more configurable.

[teskenazi]

Actually, Cross-domain is allready supported with jsonp ( http://json-p.org/ ) rather than CORS.

By the way, if you really need CORS, you should probably add PUT and DELETE methods too, since they are used by the API.

[smaragden]

Ok. Thanks. JSONP should be enough. I will close this pull request.