So I setup a local webserver using nginx and set the Access-Control-Allow-Origin to * as instructed here: https://serverfault.com/a/716283. and it worked fine.
I also tested it with the InControl2 api and these have the Access-Control-Allow-Origin so it also worked fine.
So I was hoping i you could implement the Access-Control-Allow-Origin header on the device webserver so I can use the device api with Javascipt. I can work around it by disabling some security options in chrome but I rather not do that.
Dylan van Elst