CorsConfiguration based on pattern matching #24763
Description
Affects: Spring Web 5.2.4.RELEASE
Initial issue opened in Spring Cloud Gateway: spring-cloud/spring-cloud-gateway#1607
Application APIs can be called by multiple origins. For applications that represent some kind of platform within a company it often makes sense to accept all request from orings coming from company domain, basically accept all request with origin matching a pattern *.company.com. Currently default spring CorsConfiguration supports only list of origins, I think this might not be flexible enough, as it will require configuration change every time new application within a company wants to call that REST api (especially in case of an API Gateway).
Proposal: add support for CORS configuration based on a pattern matching.
One option would'be, I guess, to extend existing CorsConfiguration class with additional fields allowedOriginPatterns and modify checkOrigin to use this property.
Or have separate CorsConfiguration implementation that is using pattern matching.
While current solution is extendible and this approach can be implemented within the application itself, I think this should be a part of framework because it's a widely used functionality and is supported by other frameworks that are used for API implementation.
For example vert.x CorsHandler suipports that: https://github.com/vert-x3/vertx-web/blob/5cd7ecaa6bead1b246b5327537ee9b82c22187bc/vertx-web/src/main/java/io/vertx/ext/web/handler/CorsHandler.java#L42
Also, Kong supports pattern based origins as well.