allow CORS headers for preflight requests

[maany]

Motivation

For requests that are unsafe OR cross-origin, browsers make a preflight request to the Rucio Server. A preflight request is essentially an OPTIONS ( HTTP method) to the same endpoint where the actual request was intended.

The old WebUI never had the requirement of handling pre-flight requests, since the requests always went to the WebUI flask server, which was available on the same apache host as the rucio server:

rucio/lib/rucio/web/ui/static/rucio.js

Lines 27 to 29 in 763454f

	host = window.location.host;
	this.url = 'https://' + host + '/proxy';
	this.authurl = 'https://' + host + '/auth';

Besides the auth server, no other endpoints had to handle the HTTP OPTIONS request.

rucio/lib/rucio/web/rest/flaskapi/v1/auth.py

Lines 992 to 998 in 763454f

	user_pass_view = UserPass.as_view('user_pass')
	bp.add_url_rule('/userpass', view_func=user_pass_view, methods=['get', 'options'])
	gss_view = GSS.as_view('gss')
	bp.add_url_rule('/gss', view_func=gss_view, methods=['get', 'options'])
	x509_view = x509.as_view('x509')
	bp.add_url_rule('/x509', view_func=x509_view, methods=['get', 'options'])
	bp.add_url_rule('/x509_proxy', view_func=x509_view, methods=['get', 'options'])

However, the new UI is a React application running in the browser and any request that is made to the rucio server invokes the CORS preflight request. All of these preflight requests are blocked as the the rucio server does not handle the OPTIONS HTTP methods. (anywhere besides auth endpoints)

As a result, while the new WebUI can successfully obtain the rucio token, any subsequent request made to other endpoints of the rucio server fail.

Modification

Add a flask middleware to filter for OPTIONS requests and respond to the them with a 200 OK response if they originate from the WebUI URLs specified in the appropriate rucio.cfg section