Update documentation with browser code

[OliverPA77]

Hi,
having read a lot of the questions here and on the web around SSPI it seems there are a few common misconceptions that are easily solved.

In the end 3 lines of code solved things for me - could you please add this info to your sample code?

Browser code to use SSPI:

1. you need to add credentials:include to the fetch request:
   fetch(https://yourserver/auth, { method: 'GET', credentials:'include'})
2. your server needs to return the proper CORS headers:
   Access-Control-Allow-Origin must be returned and cannot be * but must match the origin header of the incoming request
   Access-Control-Allow-Credentials must be 'true'

That's it - couldn't be easier. Took a few hours though...
Thanks!