add CORS support

[peterstadler]

We should provide CORS support to facilitate cross-domain requests (see e.g. https://www.html5rocks.com/en/tutorials/cors/).

For Jenkins there exists a Cors Filter Plugin which is currently enabled at the Paderborn Jenkins with the following settings:

* Access-Control-Allow-Origins: *
* Access-Control-Allow-Methods: POST, GET, OPTIONS
* Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
* Access-Control-Expose-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
* Access-Control-Max-Age: 999

This setup needs to be (discussed and) added to the Docker image.

[peterstadler]

I just added the CORS-filter-plugin to the list of plugins that get installed automatically. Yet I have not found a way to add the configuration so one still needs to edit those lines once for a fresh install.

Maybe "Jenkins Configuration as Code" is the way to go? (see https://github.com/jenkinsci/jep/blob/master/jep/201/README.adoc and https://automatingguy.com/2018/09/25/jenkins-configuration-as-code/)

[martindholmes]

In the Jenkins root folder is this file:

org.jenkinsci.plugins.corsfilter.AccessControlsFilter.xml

which contains those settings. We could just add that to the Docker image.

[peterstadler]

I tried it but to no avail :( (even with rereading the configuration from disk)

[martindholmes]

That's a surprise! If you install the plugin, restart Jenkins, put the config file in place and restart Jenkins again, does it still fail? That's some weird voodoo. There must be some other setting hiding somewhere that has to be turned on to tell it to read the config file.