Update cors headers to fix security alert

demo-proxy/etc-httpd/conf.d/httpd.conf

@@ -50,13 +50,8 @@ EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
     #Header set Strict-Transport-Security "max-age=300"
     #Header set Content-Security-Policy: upgrade-insecure-requests
 
-    Header set Access-Control-Max-Age "300"
-    # could be 'localhost', <ip-of-docker-machine>, '</etc/hosts entry>'
-    Header set Access-Control-Allow-Origin "*"
-    # allow cookies to be sent cross origin
-    Header set Access-Control-Allow-Credentials "true"
+    Header set Access-Control-Allow-Origin "${PASS_CORE_BASE_URL}"
     Header merge Access-Control-Allow-Methods "PUT, OPTIONS"
-    Header merge Access-Control-Expose-Headers "authorization"
 
     #Map /idp to Tomcat
     ProxyPass /idp https://idp:4443/idp