ledgerconnect / steemconnect

Signer app for Steem
https://steemconnect.com
MIT License

Misconfigured CORS #34

Closed roadscape closed 7 years ago

roadscape commented 7 years ago

From https://github.com/steemit/condenser/issues/1492:

1) It uses Security.allowDomain("*") which is extremely dangerous https://steemconnect.com/profile Security Impact of CORS Misconfig http://yassineaboukir.com/blog/security-impact-of-a-misconfigured-cors-implementation/

bonustrack commented 7 years ago

This is not an issue on steemconnect.com. The interface doesn't expose user-related information in the source code (see view-source:https://steemconnect.com/profile); it just shows a _csrf code which changes on every request and can't be used by a malicious actor. We will take this into consideration for SC2 as well.
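As an added illustration of the point argued in this thread (example code, not part of the issue or of the steemconnect project), the helper below classifies what a foreign page can read from a response given its CORS headers: browsers never deliver a credentialed response when the allowed origin is a wildcard, so `*` exposes only what an anonymous visitor could already fetch, whereas a reflected origin combined with `Access-Control-Allow-Credentials: true` is the combination that leaks user-specific data. The origins and header sets are constructed samples, not captured from steemconnect.com.

```python
"""Classify cross-origin readability of a response from its CORS headers."""
from dataclasses import dataclass


@dataclass(frozen=True)
class CorsVerdict:
    readable_anonymously: bool       # a foreign page can read the body via fetch() without cookies
    readable_with_credentials: bool  # a foreign page can read the body sent with the user's cookies
    reason: str


def classify_cors(request_origin: str, headers: dict) -> CorsVerdict:
    """Apply the browser's CORS rules to one response for one requesting origin."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return CorsVerdict(False, False, "no Access-Control-Allow-Origin: same-origin policy applies")
    if acao == "*":
        # A wildcard is rejected by the browser for credentialed requests, so only
        # content visible to an unauthenticated visitor becomes cross-origin readable.
        return CorsVerdict(True, False, "wildcard origin: readable anonymously, never with cookies")
    if acao == request_origin:  # also covers a reflected 'null' origin from sandboxed frames
        if creds:
            return CorsVerdict(True, True, "origin reflected with credentials: user data readable cross-origin")
        return CorsVerdict(True, False, "origin allowed without credentials")
    return CorsVerdict(False, False, f"allowed origin {acao!r} does not match {request_origin!r}")


# Constructed samples (assumed values, not observed responses).
FOREIGN_ORIGIN = "https://third-party.example"
WILDCARD = {"Access-Control-Allow-Origin": "*"}
REFLECTED = {"Access-Control-Allow-Origin": FOREIGN_ORIGIN,
             "Access-Control-Allow-Credentials": "true"}
STRICT = {"Access-Control-Allow-Origin": "https://steemconnect.com",
          "Access-Control-Allow-Credentials": "true"}

if __name__ == "__main__":
    for name, hdrs in (("wildcard", WILDCARD), ("reflected", REFLECTED), ("strict", STRICT), ("none", {})):
        v = classify_cors(FOREIGN_ORIGIN, hdrs)
        print(f"{name:9} anon={v.readable_anonymously!s:5} creds={v.readable_with_credentials!s:5} {v.reason}")
```

The wildcard case is the one discussed above: it matters only if the body itself carries user-specific data, which is why a per-request CSRF token alone does not make it exploitable, while the reflected-origin case is readable with the victim's cookies regardless of the body.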