feat: allow calls from redirections

[ghusse]

When an AJAX call is redirected to another endpoint, the origin is set to the string 'null' instead of the original origin. Servers have to explicitly allow this value and return null in the corresponding cors header.

As we are preparing the authentication flow with OIDC, we will need to allow this origin, at least for authentication routes.

I did not find an easy way to let forest-express handle these cors declarations and only accept this value for routes that needed it. So the simpler solution is to allow null for all routes.

Pull Request checklist:

• [ ] Write an explicit title for the Pull Request, following Conventional Commits specification
• [ ] Create automatic tests
• [ ] No automatic tests failures
• [x] Test manually the implemented changes
• [x] Review my own code (indentation, syntax, style, simplicity, readability)
• [x] Wonder if you can improve the existing code

[forest-bot]

:tada: This PR is included in version 3.9.0 :tada:

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot :package::rocket: