feat(cors): Configurable whitelist of origins that are allowed to make…

[srekapalli]

• Currently 'Gate' allows all origins and this fix is to allow only whitelisted origins if specified in the config.
• Existing behavior kept as see and the new scheme will be enabled only if 'cors.allow-mode' set to 'originlist'
• Tests here exercise both the old mode (regex) and the new (originlist).
• @cfieber : The current implementation is still out there , Pl. LMK if we need to make that also strict and not allow the requests if the origin doesn't match the RegEx. Currently we just log and won't deny the request I think🤔

[cfieber]

great start - there is a chance that the failing test is due to something missing in the CI environment since it is trying to spool up the whole app

[srekapalli]

great start - there is a chance that the failing test is due to something missing in the CI environment since it is trying to spool up the whole app

It's because I was hitting /health and that was giving 503 because it is actually running a health check behind. Switched to /version and that works just fine. '/health' works fines locally but CI server might be making a hit to a downstream app or something.

[ajordens]

Couple minor points for discussion but otherwise 👍- Good job on your first PR!