Added a new `access_control_allow_origin` option in config.toml

[deontologician]

See https://github.com/rethinkdb/horizon/pull/565

It directly sets this http header for statically served files:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Origin

Basically, what this does is let you specify which domains should be allowed to initial xhr requests that fetch the /auth_methods resource. The basic use case is you serve your javascript from a cdn, and the script on the cdn is allowed to fetch this resource exposed by the horizon server. If we add more http endpoints in the future, we'll also set the header on those endpoints.

[danielmewes]

Is this also a command-line option for hz serve or only accessible through the config file?

[deontologician]

Good catch, yes it's also a command line option