Saturday, 28 January 2017

Allowing Access-Control-Allow-Origin from anywhere (Java and ember.js)

I am using Java Jersey and Jetty on my server-side and have the following piece of code:

    responseBuilder.header("Access-Control-Allow-Origin", "http://localhost:4200");
    responseBuilder.header("Access-Control-Allow-Headers", "origin, content-type, accept, authorization, auth-token");
    responseBuilder.header("Access-Control-Allow-Credentials", "true");
    responseBuilder.header("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
    responseBuilder.allow("OPTIONS");

and I'm using ember.js on my client-side and have the following code:

/app/adapters/application.js:

    import DS from 'ember-data';

    export default DS.RESTAdapter.extend({
        host: 'http://127.0.0.1:20000',

        ajax(url, method, hash) {
            hash = hash || {};
            hash.crossDomain = true;
            hash.xhrFields = {
                withCredentials: true
            };
            return this._super(url, method, hash);
        }
    });

This combination of code works: it sends the cookie as part of the request and resolves the Access-Control-Allow-Origin problem.

However, my concern is that the "http://localhost:4200" is hard-coded. While it is not a problem until deployment, I suppose this restricts traffic only from http://localhost:4200? It is a web application and obviously I need to allow access from any client coming from anywhere. What changes do I need to make to my code?
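An added example, not part of the original post: because the client sends credentials (`withCredentials: true`), browsers reject a wildcard `Access-Control-Allow-Origin: *`, so the server has to return the request's own `Origin` value, and it should do so only when that value exactly matches an allowlist. The class name `CorsPolicy`, the method `headersFor` and the origin `https://app.example.com` are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public class CorsPolicy {
    // Constructed allowlist: list every origin that really serves the Ember app.
    private static final Set<String> ALLOWED_ORIGINS = new HashSet<>(Arrays.asList(
            "http://localhost:4200",      // development origin from the post
            "https://app.example.com"));  // placeholder production origin (assumption)

    /** Returns the headers to add to a response, given the request's Origin header (may be null). */
    public static Map<String, String> headersFor(String origin) {
        Map<String, String> headers = new LinkedHashMap<>();
        // The response now depends on the Origin header, so shared caches must key on it.
        headers.put("Vary", "Origin");

        // Exact string match only: no prefix, suffix or substring tests, and the
        // literal "null" origin (sandboxed frames, file:// pages) is never listed.
        if (origin == null || !ALLOWED_ORIGINS.contains(origin)) {
            return headers; // no CORS headers, so the browser refuses the cross-origin read
        }

        // With Allow-Credentials: true the browser requires the exact origin here, not "*".
        headers.put("Access-Control-Allow-Origin", origin);
        headers.put("Access-Control-Allow-Credentials", "true");
        headers.put("Access-Control-Allow-Headers",
                "origin, content-type, accept, authorization, auth-token");
        headers.put("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
        return headers;
    }

    public static void main(String[] args) {
        // Constructed sample Origin values, including a lookalike host and missing headers.
        String[] samples = {
            "http://localhost:4200",
            "https://app.example.com",
            "https://app.example.com.other.example",
            "null",
            null
        };
        for (String origin : samples) {
            System.out.println(origin + " -> " + headersFor(origin));
        }
    }
}
```

In the resource code from the post, each returned entry would be passed to `responseBuilder.header(name, value)` in place of the hard-coded values.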



