Adds CORS support to the core.
CORS is a security feature enforced by the browser. Now the UI could potentially be served from a different origin, browsers may block API calls to the core. This MR introduces ways to whitelist such origins.
To be filled in by the reviewers