12. February 2015
After some more looking I found you could simply put this in your web.config under system.webserver, and it solved the problem, though less gracefully than in code.
<add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
That was it. On my web host, I had to grant full access in the System.Configuration tag as well.