plugins/api: fix for cross origin requests

The response headers were never getting set because of a bug in the 7c552c0
commit.  This expands the loop into a more readable form and results in the
headers getting set.

mediagoblin/plugins/api/tools.py

@@ -69,7 +69,8 @@ def json_response(serializable, _disable_cors=False, *args, **kw):
                 'Access-Control-Allow-Origin': '*',
                 'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
                 'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With'}
-        (response.headers.set(key, value) for key, value in cors_headers)
+        for key, value in cors_headers.iteritems():
+            response.headers.set(key, value)
 
     return response