REST calls to a server running this module will sometimes need to come from pages served by other servers. As an administrator, I want to be able to specify which other servers are allowed to render pages requesting REST resources from another server. These IPs / FQDNs should be configured in the module's settings page and used in a new filter for the ws servlet (similar to how the AuthorizationFilter works now).
From sunbiz's comments:
Infact might be useful to implement to how the CorsFilter library does it. i.e. configurable - custom headers, max age, support credentials etc.