HTML5 : Unsafe cross-origin resource sharing (CORS) policy