I’ve used a few different WordPress API’s – but for those of you using the ‘official’ WP-API, I had much trouble with this CORS — and what I found was that between the .htaccess approach and a few others I stumbled upon… adding this to your theme functions.php worked best.
function add_cors_http_header(){
header("Access-Control-Allow-Origin: *");
}
add_action('init','add_cors_http_header');
Be sure not to use any combinations of these ( .htaccess, header.php, api.php, functions.php ) as it will be angry at you.