Could you please explain these lines in your shell script?

ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin "[\"*\"]"

ipfs config --json API.HTTPHeaders.Access-Control-Allow-Credentials "[\"true\"]"

ipfs config --json API.HTTPHeaders.Access-Control-Allow-Methods "[\"PUT\", \"POST\", \"GET\"]"

It seems like I would be opening up my IPFS instance to be controlled by anyone throwing commands at it. How can I be sure I'm only letting your "pin on upvote" function have access to pin things on my node?