Configure CORS to allow GET and POST to /oauth