Fix missing CORS headers if response has 404 status

[tjquinno]

Resolves #3188

Overview

Some code had been added a while ago to the CORS logic to explicitly avoid setting CORS headers for 404 responses. This PR removes that code.

An earlier unrelated change in Helidon's Jersey support was suppressing headers added to a response if the status was 404. This PR removes that header suppression.

Two very slight behavioral changes

These are both truly bug fixes.

1. Previously, if the Helidon Jersey ResponseWriter detected a response with status 404 and no content, it would ignore any headers already set and immediately delegate to the next handler in the chain (if any). With these changes, any headers previously set on the ContainerResponse are always copied to the ServerResponse.
2. Previously, in MP, even if the cars.enabled config key was set to false, CORS processing would still occur for JAX-RS endpoints (as indicated by JAX-RS annotations). This PR includes changes so that config setting controls JAX-RS CORS behavior as well.

Details of changes

• webserver/jersey
  • ResponseWriter#writeReponseStatusAndHeaders - An earlier change deferred the transmission of the response to a later handler if the response status is 404 and the content length is 0. Change to return response (not defer) if there are any headers. This handles the case where CORS is in play and has added headers to the response even for the 404 case.
• webserver/cors
  • CorsSupportHelper#prepareResponse - If response is 404, return valid CORS headers tailored to the (failed) request instead of suppressing CORS headers.
• CrossOriginConfig - add constant used for catch-all headers in 404 responses
• Added and modified some tests.

Signed-off-by: tim.quinn@oracle.com tim.quinn@oracle.com

[spericas]

LGTM