Access-Control-Allow-Origin / CORS config
Like #119 (closed) but with the new version (#119 (closed) should be closed imo).
To allow the js client access the API from any site, we have to set Access-Control-Allow-Origin "*" in nginx conf.
But for security reason, we should limit the effect to the API part of the site.