gitlab: set cors header in nginx configuration

when accessing gitlab URL ex: lab.nexedi.com from renderjs, URL is blocked because there is no CORS.
Set cors header directly in nginx configuration, so that it's not required to create custom slave frontend configuration to include Access-Control-Allow-Origin

software/gitlab/gitlab-parameters.cfg

@@ -101,6 +101,7 @@ configuration.nginx_gzip_comp_level     = 2
 configuration.nginx_gzip_proxied        = any
 configuration.nginx_gzip_types          = text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json
 configuration.nginx_keepalive_timeout   = 65
+configuration.nginx_header_allow_origin = *
 
 # configuring trusted proxies
 # GitLab is behind a reverse proxy, so we don't want the IP address of the proxy

software/gitlab/software.cfg

@@ -293,7 +293,7 @@ md5sum  = 7782f5c5d75663c2586e28d029c51e49
 
 [gitlab-parameters.cfg]
 <= download-file
-md5sum  = 9ff67261781092ae4d1096d65927b9f2
+md5sum  = dec5d989e2d969369bd1eaffcbfb78d6
 
 [gitlab-shell-config.yml.in]
 <= download-template
@@ -325,7 +325,7 @@ md5sum  = a56a44e96f65f5ed20211bb6a54279f4
 
 [nginx-gitlab-http.conf.in]
 <= download-template
-md5sum  = 37ea159762fe25db2af6b4ac3870d1e3
+md5sum  = 697140d980c75ddc1dd0a656b1c88447
 
 [nginx.conf.in]
 <= download-template

software/gitlab/template/nginx-gitlab-http.conf.in

@@ -118,6 +118,8 @@ server {
   {# we do not support relative URL - path is always "/" #}
   {% set path = "/" %}
   location {{ path }} {
+    # Set CORS header
+    add_header 'Access-Control-Allow-Origin' {{ cfg('nginx_header_allow_origin') }};
     ## If you use HTTPS make sure you disable gzip compression
     ## to be safe against BREACH attack.
     {{ 'gzip off;' if cfg_https else ''}}