Allow CORS requests to the gitlab oauth API

I'm making an application that I'm hosting on gitlab pages, however, I need it to use the gitlab API, and being a public site, I can't put my private key in the page (for obvious reasons). I'm setting up my app to use oauth tokens, but it throws an error about the cross origin header not existing. Why do you not have a cross origin header on the API? If you could add that in, that'd be great thanks!

Admin message

Admin message

Allow CORS requests to the gitlab oauth API