CORS

Description

Adds CORS support to the core.

CORS is a security feature enforced by the browser. Now the UI could potentially be served from a different origin, browsers may block API calls to the core. This MR introduces ways to whitelist such origins.

Changes

• The global settings are actually global now and are loaded statically before the server boots
• The security configuration has been restructured to make more sense.

Additions

• A CORS allowed API origins setting, which is a list of permitted origins. This has to be edited into the settings.json file, however; the settings UI breaks this but I'd rather clean all the bathrooms in the library with my tongue than fix the old settings UI
• A CORS preflight patch filter, which awards a CORS-specific authorization to preflight requests only.
• A CORS error header-patch filter, which forces headers upon valid CORS requests where Spring didn't add any

Test and Review

To be filled in by the reviewers

• All of the methods are commented to expectation

• The methods are tested to satisfaction

• There are no unnecessary files present in the MR

• The continuous integration has no problems with the MR

• The MR is filled in as requested (including labels, milestones, and reviewers)

• The documentation is up-to-date

• All nullable parameters are marked as such