Simple CORS using .htaccess file.

Cross-Origin Resource Sharing (CORS) allows web browser to validate and web server to provide a way to consume and provide cross-site content and access controls.

To make Drupal 8 respond to remote calls you should wait for the core issue which is postponed until Drupal 8.1.x or wait for the D8 version of

The alternative is using .htaccess and open up your Drupal install for the whole world use the settings below.

Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, PATCH, DELETE"
Header always set Access-Control-Allow-Headers: Authorization

Make sure you reduce origin to a list of IPs or domains and the methods to e.g. only GET

For more info see