Add CORS support for Riak add-ons [JIRA: RTS-1709]

[Basho-JIRA]

In order for Grafana Riak TS Datasource plugin to communicate with Riak TS via the HTTP interface, cross-origin resource sharing (CORS) comes into play (*), so should be opened.

To allow customers to specify the allowable origins w/i their environment, the allowable_origins should be configurable. That said, the add-on and others that may come are optional so should be configured in advanced.config.

CORS provides for a wildcard match for all origins "*". While this may be used, we should provide ample reason why this should not be used in documentation for the feature.

While Grafana is mentioned here several times, this feature opens Riak TS to other such trusted add-ons where the trust is configured by the customer.

An alternative to providing CORS support is to force the customer to setup a reverse proxy, i.e. nginx which intentionally disregards CORS. This option IMHO should be left as an option to the customer, not forced upon the customer, especially since such a reverse proxy provides a tunnel that can be abused by malicious services which the reverse proxy did not intend to grant such access to.

*) Grafana plugins are javascript and generally make direct calls to the underlying web services. Grafana does allow for proxying, but even then the Grafana service proxying respects CORS so passes Origin and Referer headers, i.e. the following simplified curl request yanked from the net tab:

curl -XPOST http://localhost:10018/ts/v1/query -d 'SHOW TABLES' -H 'Origin: http://localhost:3000' -H 'Referer: http://localhost:3000/datasources/edit/5'

Riak TS http in ^^ is listening on 10018. Grafana is listening on 3000.

[Created in JIRA by James Gorlick]