Inspired by the great node-cors module. Configures the Access-Control-Allow-Origin CORS header. Expects a string (ex: http://example.com). Set to true to reflect the request origin, as defined by req.header('Origin'). Set to false to disable CORS. Can also be set to a function, which takes the request as the first parameter.