enonic / app-guillotine


Enable configurable Access-Control-Allow-Origin header #915

Closed alansemenov closed 2 months ago

alansemenov commented 2 months ago

Currently it's not possible to make client-side requests to a Guillotine endpoint residing on another domain. We should enable cross-origin requests from all domains by default (*) but enable specifying a list of specific domains or null to forbid CORS.

    'Access-Control-Allow-Origin': '*',               // this value should be configurable via app config file
    'Access-Control-Allow-Headers': 'Content-Type',   // this should always be sent
    'Access-Control-Allow-Methods': 'POST, OPTIONS',  // this should always be sent

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

alansemenov commented 2 months ago

Already done in https://github.com/enonic/app-guillotine/issues/610
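
The behaviour requested in the issue above, as an added example that is not part of the original thread or of the Guillotine code base: because `Access-Control-Allow-Origin` carries either `*` or a single origin, a configured list has to be enforced by echoing the request's `Origin` only on an exact match and sending `Vary: Origin`. The function name `corsHeaders`, the shape of the `allowedOrigins` setting and the sample origins are assumptions made for illustration.

```javascript
// Added example: hypothetical helper, not Guillotine's implementation.
// allowedOrigins (assumed config shape):
//   undefined or '*' -> any origin may read the response (the proposed default)
//   array of origins -> only exact matches are allowed
//   null             -> CORS is forbidden
function corsHeaders(allowedOrigins, requestOrigin) {
  // The issue asks for these two headers to be sent in every case.
  const headers = {
    'Access-Control-Allow-Headers': 'Content-Type',
    'Access-Control-Allow-Methods': 'POST, OPTIONS',
  };

  if (allowedOrigins === null) {
    // No Allow-Origin header at all: the browser refuses to expose the
    // response to cross-origin scripts. This is the config value null,
    // not the header value "null".
    return headers;
  }

  if (allowedOrigins === undefined || allowedOrigins === '*') {
    headers['Access-Control-Allow-Origin'] = '*';
    return headers;
  }

  // List mode: the response now depends on the request's Origin header,
  // so shared caches must key on it.
  headers['Vary'] = 'Origin';

  // Exact string comparison only. Prefix, suffix or substring matching would
  // accept lookalike hosts. The opaque origin "null" (sent by sandboxed
  // documents) is never echoed, even if someone put it in the list.
  const allowed =
    typeof requestOrigin === 'string' &&
    requestOrigin !== 'null' &&
    allowedOrigins.includes(requestOrigin);

  if (allowed) {
    headers['Access-Control-Allow-Origin'] = requestOrigin;
  }
  return headers;
}
```
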