According to the JHipster docs, all CORS origins are allowed by default, and the application.yml file backs this up with the jhipster.cors.allowed-origins
application.yml
jhipster.cors.allowed-origins