ability to configure cors origin

currently dogstack allows configuring of cors requests by taking `asset.url` from the app-provided config, parsing that url with `url.parse()`, and passing it to the `cors` middleware.
This is pretty inflexible, and the `cors` middleware can be passed other options (i.e. a whitelist, a regexp) - it'd be rad to implement these.