The bug described here is now fixed. HUZZAH!
For any devs out there, remember to send CORS headers in your web app scripts.
