It would be useful to be able to make cross domain API requests to endpoints like 'playing-now' and 'listens' from the browser. Currently only a few endpoints have this enabled, but the ones related to fetching recent listens throw a cross-origin request error.

This would enable people working with javascript access to their listen data and empower them to create cool things!

As an example, the recent save endpoint in the new follow API added functionality to make cross origin requests:

https://github.com/metabrainz/listenbrainz-server/pull/532

I think the most useful ones to start with would be:

/user/<user_name>/listens

and

/user/(user_name)/playing-now

as these are both related to fetching basic recent user activity, and currently have no requirement for an authorisation header to be present.

Theres one more which seem like they could be done at the same time (validate-token), but I'm not certain about the value?