Simple CORS using .htaccess file.
Cross-Origin Resource Sharing (CORS) allows web browser to validate and web server to provide a way to consume and provide cross-site content and access controls.
To make Drupal 8 respond to remote calls you should wait for the core issue https://www.drupal.org/node/1869548 which is postponed until Drupal 8.1.x or wait for the D8 version of https://www.drupal.org/project/cors
The alternative is using .htaccess and open up your Drupal install for the whole world use the settings below.
Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, PATCH, DELETE" Header always set Access-Control-Allow-Headers: Authorization
Make sure you reduce origin to a list of IPs or domains and the methods to e.g. only GET
For more info see https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS