Fix CORS problem by submitting un-credentialed requests
Keystone API v2 returns auth token in response body rather than a header, which lets us access it using code that came from a different origin. This lets us run Exosphere in a browser with no hackery to disable CORS.