Genelet supports a weak CORS policy, that every browser with a proper Origin request header is allowed to retrieve API data even it is cross domain. We may modify it or allow you to customize the policy in future releases.
Another way to make cross domain API access is to use JSONP, see Section 2.3.