fix cors issue

The lack of allowed origins resulted in requests being denied. Setting the allowed origins is now possible via the Application Properties and thus also via the environment variables. A wildcard is used as the default value, which should satisfy the requirements of local development. In deployed environments, this value is adapted to the domain accordingly.