Allow Cross-Origin Resource Sharing (CORS)

[cosmic-snow]

Describe your changes

Add the Access-Control-Allow-Origin header to the chat GUI's web API to enable CORS.

Issue ticket number and link

It was mentioned in #941 "Introduce a button in the UI Settings to enable CORS for the Web Server Mode of GPT4ALL UI."

Checklist before requesting a review

• I have performed a self-review of my code.
• If it is a core feature, I have added thorough tests.
• I have added thorough documentation for my code.
• I have tagged PR with relevant project labels. I acknowledge that a PR without labels may be dismissed.
• If this PR addresses a bug, I have provided both a screenshot/video of the original bug and the working solution.

Demo

Using the following example HTML document:

<html><head><title>CORS test</title></head>
<body>
    <script type="text/javascript">
        function foo() {
            console.log("start click handler");
            function xhrHandler(e) {
                console.log("handled.")
                console.log(e);
            };
            var xhr = new XMLHttpRequest();
            xhr.addEventListener("load", xhrHandler);
            xhr.open("GET", "http://localhost:4891/v1/models");
            xhr.send();
            console.log("end click handler");
        }
    </script>
    <input type="button" onclick="foo()" value="click me!"></input>
</body>
</html>

Without the CORS header:

With the CORS header:

Steps to Reproduce

• Use the example HTML
• Start the web server in the chat GUI
• The request is not allowed without a CORS header

Notes

C++ is not my strength, but I followed the example in the docs and it seemed straight-forward.
Please have a close look, though.

The linked issue requests a button to add to the UI. I simply enabled the header for everyone. I could make the PR more sophisticated, if necessary/desired.

[cosmic-snow]

Some more information might be appropriate:

• CORS is more of a client/browser protection mechanism and:
  • The server generally doesn't produce any JavaScript which could be loaded into a page.
  • The server is restricted to localhost anyway, so this just prevents one from creating a local web UI based on it.

The implementation is mostly just taken from the Qt QHttpServer::afterRequest examples (although these seem to be missing a few parentheses), e.g.:

server.afterRequest([] (QHttpServerResponse &&resp) { return std::move(resp); }

[zwilch]

What is the secret to access the localhost:4891 API Point within a Browser Extension or with Javascript
I still have this CORS problem:
#2181 (comment)