Using CORS-enabled requests in the background.

Panic on short reads and other errors.

The proxy wraps endpoints (exposed as separate HTTP hosts) with single-sign-on
authentication.