[fix](httpserver) creating this cookie without the "secure" flag and enabling cross-origin resource safe (#25107)

fe/fe-core/src/main/java/org/apache/doris/httpv2/config/WebConfigurer.java

@@ -48,7 +48,7 @@ public class WebConfigurer implements WebMvcConfigurer {
         registry.addMapping("/**")
                 .allowCredentials(false)
                 .allowedMethods("*")
-                .allowedOrigins("*")
+                .allowedOrigins(Config.access_control_allowed_origin_domain)
                 .allowedHeaders("*")
                 .maxAge(3600);
     }

fe/fe-core/src/main/java/org/apache/doris/httpv2/controller/BaseController.java

@@ -103,6 +103,7 @@ public class BaseController {
     protected void addSession(HttpServletRequest request, HttpServletResponse response, SessionValue value) {
         String key = UUID.randomUUID().toString();
         Cookie cookie = new Cookie(PALO_SESSION_ID, key);
+        cookie.setSecure(true);
         cookie.setMaxAge(PALO_SESSION_EXPIRED_TIME);
         cookie.setPath("/");
         cookie.setHttpOnly(true);