Update nginx config to set origin and hide allow origin from backends

[marcolarosa]

Hi,

Thanks for the repo! I've just changed the origin from wildcard to $http_origin so it matches whatever comes through and allows setting 'Access-Control-Allow-Credentials' which doesn't work with wildcard origins. Also, I hide the origin header sent by the backend so it doesn't clash with what's happening here.