To allow Ajax requests from a different domain and take advantages of the new REST module more globally.
W3C Draft: http://www.w3.org/TR/cors/
This header needs to be set everywhere (or pretty much everywhere).
Might be a REST module thing but putting on base system just in case.
Beta phase evaluation
|Issue priority||This is highly important to headless setups (Angular, Ember, etc.) , which often run on a different domain than their backend. Without CORS they cannot actually talk to Drupal. Given that this seems major.|
|Prioritized changes||Not a prioritized change for 8.0.x.|
|Disruption||There is no impact on existing developers. No APIs change as a result of this issue; we only add some more (disabled by default) properties to default.settings.yml|