Add CORS handling

When connections to the service are created from the context of a web browser, there will be a pre-flight request first with the http OPTIONS method. Make sure to handle that, and set the Access-Control-Allow-Origin header in the reply. This will allow subsequent requests to pass. The origin header is currently set to "*" which might need to be changed depending on the deployment.