Implementation of CORS whitelist in apigw

[imda-amdlahir]

Description

This is the fix for SCR item 11.
Implementation of CORS whitelist in apigw.

Type of Change

How to Test

1. Create .env file under APIGW root folder and add ENV var called 'ALLOWED_ORIGINS' and assign allowed origins to it. Add the allowed origins to the whitelist using comma as separator.
2. Test apigw's http APIs including the graphql endpoint from allowed and disallowed origins
3. Add 'http://localhost:4000' to allowed origins also, and test the Apollo server playground http://localhost:4000/graphql

Checklist

Please check all the boxes that apply to this pull request using "x":

• [ x] I have tested the changes locally and verified that they work as expected.
• I have added or updated the necessary documentation (README, API docs, etc.).
• I have added appropriate unit tests or functional tests for the changes made.
• [x ] I have followed the project's coding conventions and style guidelines.
• [x ] I have rebased my branch onto the latest commit of the main branch.
• I have squashed or reorganized my commits into logical units.
• I have added any necessary dependencies or packages to the project's build configuration.
• I have performed a self-review of my own code.
• I have read, understood and agree to the Developer Certificate of Origin below, which this project utilises.

Screenshots (if applicable)

[If the changes involve visual modifications, include screenshots or GIFs that demonstrate the changes.]

Additional Notes

[Add any additional information or context that might be relevant to reviewers.]

Developer Certificate of Origin

Developer Certificate of Origin
Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors.

Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.


Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
   have the right to submit it under the open source license
   indicated in the file; or

(b) The contribution is based upon previous work that, to the best
   of my knowledge, is covered under an appropriate open source
   license and I have the right under that license to submit that
   work with modifications, whether created in whole or in part
   by me, under the same open source license (unless I am
   permitted to submit under a different license), as indicated
   in the file; or

(c) The contribution was provided directly to me by some other
   person who certified (a), (b) or (c) and I have not modified
   it.

(d) I understand and agree that this project and the contribution
   are public and that a record of the contribution (including all
   personal information I submit with it, including my sign-off) is
   maintained indefinitely and may be redistributed consistent with
   this project or the open source license(s) involved.

[imda-benedictlee]

Approved

[imda-benedictlee]

Approve

[imda-benedictlee]

Approved

[imda-benedictlee]

Approve

[imda-benedictlee]

Approved

[imda-benedictlee]

Approve

[imda-benedictlee]

Approved

[imda-benedictlee]

Smoke Test For Docker Passed
Smoke Test Report For Docker.zip

[imda-benedictlee]

Frontend Test For Docker Passed

[imda-benedictlee]

Pipeline Testing For Docker Passed
Pipeline Testing For Docker.zip

[imda-amdlahir]

A couple of API-GW unit tests might fail at times because mock data generator seems to create duplicate properties in some objects where there should not be. Will investigate and fix this in separate PR.

Portal coverage changes and some lint fixes will be done in separate PR