Dynamic CORS

[kamicut]

Right now we are allowing CORS for all incoming requests. We can figure out a mechanism by which we only allow CORS for clients that have registered with osm teams. This could add an extra layer of security.

[willemarcel]

@kamicut Are CORS requests yet allowed? I'm having this error:

Access to fetch at 'https://mapping.team/api/my/teams' from origin 'http://127.0.0.1:3000' has been blocked by CORS policy:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.