We've upgraded our REST APIs to support CORS. This lets anyone build web pages that call LaunchDarkly's APIs directly-- no need to proxy through a server.
You can make authenticated CORS calls just as you would make same-origin calls, using either token or session-based authentication. If you're using session auth, you should set the withCredentials property for your xhr request to true.
One last thing-- for security reasons, all POST, PATCH, and PUT calls to our API require a Content-Type of application/json.
Happy launching!