Directive providing CORS header support.
Directive providing CORS header support. This should be included in any application serving
a REST API that's queried cross-origin (from a different host than the one serving the API).
See http://www.w3.org/TR/cors/ for full specification.
the set of hosts that are allowed to query the API. These should
not include the scheme or port; they're matched only against the hostname of the Origin