Allow configuring CORS policy #1
Description
Currently airbag allows CORS requests from any origin, and CORS support is on by default.
We should allow service developers to turn off or configure the CORS policy.
I suggest we add the following configuration options:
- ENABLE_CORS - default is false. Must be set to true in order for CORS to work
- ALLOWED_ORIGINS - default is none. Should be set to '*' to support all origins, or to a list of allowed origins