Support wildcard in API Gateway cors domains

docs/providers/aws/events/apigateway.md

@@ -257,6 +257,15 @@ functions:
             allowCredentials: false
 ```
 
+Wildcards are accepted. The following example will match all sub-domains of example.com over http:
+
+```yml
+    cors:
+      origins:
+        - http://*.example.com
+        - http://example2.com
+```
+
 Please note that since you can't send multiple values for [Access-Control-Allow-Origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin), this configuration uses a response template to check if the request origin matches one of your provided `origins` and overrides the header with the following code:
 
 ```

lib/plugins/aws/package/compile/events/apiGateway/lib/cors.js

@@ -117,12 +117,21 @@ module.exports = {
     ];
   },
 
+  regexifyWildcards(orig) {
+    return orig.map((str) => str.replace(/\./g, '[.]')
+      .replace('*', '.*'));
+  },
+
   generateCorsResponseTemplate(origins) {
+    // glob pattern needs to be parsed into a Java regex
+    // escape literal dots, replace wildcard * for .*
+    const regexOrigins = this.regexifyWildcards(origins);
+
     return (
       '#set($origin = $input.params("Origin"))\n' +
       '#if($origin == "") #set($origin = $input.params("origin")) #end\n' +
-      `#if(${origins
-        .map((o, i, a) => `$origin == "${o}"${i < a.length - 1 ? ' || ' : ''}`)
+      `#if(${regexOrigins
+        .map((o, i, a) => `$origin.matches("${o}")${i < a.length - 1 ? ' || ' : ''}`)
         .join('')}` +
       ') #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin) #end'
     );

lib/plugins/aws/package/compile/events/apiGateway/lib/cors.test.js

@@ -72,7 +72,7 @@ describe('#compileCors()', () => {
         cacheControl: 'max-age=600, s-maxage=600',
       },
       'users/create': {
-        origins: ['http://localhost:3000', 'http://example.com'],
+        origins: ['http://localhost:3000', 'https://*.example.com'],
         headers: ['*'],
         methods: ['OPTIONS', 'POST'],
         allowCredentials: true,
@@ -108,7 +108,7 @@ describe('#compileCors()', () => {
           .Resources.ApiGatewayMethodUsersCreateOptions
           .Properties.Integration.IntegrationResponses[0]
           .ResponseTemplates['application/json']
-      ).to.equal('#set($origin = $input.params("Origin"))\n#if($origin == "") #set($origin = $input.params("origin")) #end\n#if($origin == "http://localhost:3000" || $origin == "http://example.com") #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin) #end');
+      ).to.equal('#set($origin = $input.params("Origin"))\n#if($origin == "") #set($origin = $input.params("origin")) #end\n#if($origin.matches("http://localhost:3000") || $origin.matches("https://.*[.]example[.]com")) #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin) #end');
 
       expect(
         awsCompileApigEvents.serverless.service.provider.compiledCloudFormationTemplate
@@ -230,7 +230,7 @@ describe('#compileCors()', () => {
           .Resources.ApiGatewayMethodUsersAnyOptions
           .Properties.Integration.IntegrationResponses[0]
           .ResponseTemplates['application/json']
-      ).to.equal('#set($origin = $input.params("Origin"))\n#if($origin == "") #set($origin = $input.params("origin")) #end\n#if($origin == "http://localhost:3000" || $origin == "http://example.com") #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin) #end');
+      ).to.equal('#set($origin = $input.params("Origin"))\n#if($origin == "") #set($origin = $input.params("origin")) #end\n#if($origin.matches("http://localhost:3000") || $origin.matches("http://example[.]com")) #set($context.responseOverride.header.Access-Control-Allow-Origin = $origin) #end');
 
       expect(
         awsCompileApigEvents.serverless.service.provider.compiledCloudFormationTemplate