execute this method in a geddy controller needing cross-domain CORS

application.js

var Application = function () {
  // allow cross domain XHR
  this.allowCORS = function()
  {
    this.options = function(req, resp, params)
    {
      if (req.method.toLowerCase() == 'options') {
        resp.setHeaders(200,{
          'Content-Type': 'text/plain',
          'Access-Control-Allow-Origin': '*',
          'Access-Control-Allow-Methods': 'GET, PUT, POST, DELETE, OPTIONS',
          'Access-Control-Allow-Headers': 'Content-Type, Authorization, X-Requested-With',
          'Access-Control-Max-Age': 5184000   //2 months
        });
        resp.finish();
        return;
      }
    }

    var self = this;
    this.before(function(){
      self.response.resp.setHeader('Access-Control-Allow-Origin', '*');
      self.response.resp.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With');
      self.response.resp.setHeader('Access-Control-Allow-Methods', 'GET, PUT, POST, DELETE, OPTIONS');

      if (self.params['query'] && typeof self.params['query'] !== 'object') {
        self.params.query = JSON.parse(self.params.query);
      }
      if (self.params['sort'] && typeof self.params['sort'] !== 'object') {
        self.params.sort = JSON.parse(self.params.sort);
      }
    });
  }
}