CORS support

[pbsds]

Preflighted requests in for CORS send a HTTP OPTIONS requests to the server to ask for permission to use the resource cross origins. Polaris does not currently seem to handle OPTIONS requests, nor provide any of the CORS headers.

Use case: Develop polaris-web while using a remotely hosted polaris api instance

If the API is meant to be public, then enabling CORS should not be an issue. At least as an optional flag.

It seems like the default behavior for Rocket on this topic have been debated for some years and the current situation is that they don't handle it at all. But there exist a nice crate called rocket_cors which might be the solution.

For the curious, here is my dirty patch to make polaris-web use a remote endpoint

diff --git a/src/api.js b/src/api.js
--- a/src/api.js
+++ b/src/api.js
@@ -17,7 +17,7 @@ let request = function(endpoint, options) {
 		options = {};
 	}
 	options.credentials = "same-origin";
-	return fetch("api" + endpoint, options)
+	return fetch("http://192.168.0.x:5050/api" + endpoint, options)
 		.then(res => {
 			if (res.status == 401) {
 				Router.push("/auth").catch(err => { });
@@ -29,11 +29,11 @@ let request = function(endpoint, options) {
 
 export default {
 	makeAudioURL(path) {
-		return "api/audio/" + encodeURIComponent(path);
+		return "http://192.169.0.x:5050/api/audio/" + encodeURIComponent(path);
 	},
 
 	makeThumbnailURL(path) {
-		return "api/thumbnail/" + encodeURIComponent(path) + "?pad=false";
+		return "http://192.169.0.x:5050/api/thumbnail/" + encodeURIComponent(path) + "?pad=false";
 	},
 
 	initialSetup() {
@@ -42,7 +42,7 @@ export default {
 	},
 
 	login(username, password) {
-		return fetch("api/auth", {
+		return fetch("http://192.168.0.x:5050/api/auth", {
 			method: "POST",
 			body: JSON.stringify({ username: username, password: password }),
 			headers: {