make the API CORS compliant
To make the javascript client works, the API has to be CORS compliant,
because it should be queried from anywhere.
We should limit this "openning" to API URL only.
https://en.wikipedia.org/wiki/Cross-origin_resource_sharing https://www.nginx.com/nginxconf/