If you're after a stop gap solution, just for debugging, you can use a flag to turn it off in chrome.
[chromium executable] --disable-web-security
This is taken from this post Disable same origin policy in Chrome.
Otherwise, the addition header in the response is the right way to go. Of course, you can swap the asterisk for a list of IP addresses if you want to improve security.
See https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS for more details.