Add CORS allowedOrigins Property to CrossOriginResourceSharingFilter of Product REST APIs

[hisanhunais]

Purpose

This PR adds the "allowedOrigins" property to the "CrossOriginResourceSharingFilter" of the Product REST APIs.

Approach

This "allowedOrigins" property will be reading values from System parameters. The defined system parameters are as follows.

• For Publisher REST APIs : rest.api.publisher.allowed.origins
• For Store REST APIs : rest.api.store.allowed.origins
• For Gateway REST APIs : rest.api.gateway.allowed.origins
• For Service Catalog REST APIs : rest.api.service.catalog.allowed.origins

Hence, the allowed origins for a particular REST API should be configured as a system parameter as follows.

Method 1: Specify the allowed origins in the deployment.toml file under [system.parameter]

[system.parameter]
'rest.api.publisher.allowed.origins' = "https://null.jsbin.com"
'rest.api.store.allowed.origins' = "https://null.jsbin.com,https://fiddle.jshell.net"
'rest.api.gateway.allowed.origins' = "https://null.jsbin.com"
'rest.api.service.catalog.allowed.origins' = "https://js.do"

Method 2: Specify the allowed origins when starting the server

sh wso2server.sh -Drest.api.publisher.allowed.origins=https://null.jsbin.com -Drest.api.devportal.allowed.origins=https://null.jsbin.com,https://fiddle.jshell.net -Drest.api.gateway.allowed.origins=https://null.jsbin.com -Drest.api.service.catalog.allowed.origins=https://js.do

[malinthaprasan]

is that 'rest.api.devportal.allowed.origins'? not 'rest.api.store.allowed.origins' right

[malinthaprasan]

Shall we also mention this in https://apim.docs.wso2.com/en/latest/develop/product-apis/advanced-configurations/
Please create a doc issue and followup.

[hisanhunais]

is that 'rest.api.devportal.allowed.origins'? not 'rest.api.store.allowed.origins' right

Sorry. Yes, it should be 'rest.api.devportal.allowed.origins'.

[hisanhunais]

Updated Content

Purpose

This PR adds the "allowedOrigins" property to the "CrossOriginResourceSharingFilter" of the Product REST APIs.

Approach

This "allowedOrigins" property will be reading values from System parameters. The defined system parameters are as follows.

• For Publisher REST APIs : rest.api.publisher.allowed.origins
• For DevPortal REST APIs : rest.api.devportal.allowed.origins
• For Gateway REST APIs : rest.api.gateway.allowed.origins
• For Service Catalog REST APIs : rest.api.service.catalog.allowed.origins

Hence, the allowed origins for a particular REST API should be configured as a system parameter as follows.

Method 1: Specify the allowed origins in the deployment.toml file under [system.parameter]

[system.parameter]
'rest.api.publisher.allowed.origins' = "https://null.jsbin.com"
'rest.api.devportal.allowed.origins' = "https://null.jsbin.com,https://fiddle.jshell.net"
'rest.api.gateway.allowed.origins' = "https://null.jsbin.com"
'rest.api.service.catalog.allowed.origins' = "https://js.do"

Method 2: Specify the allowed origins when starting the server

sh wso2server.sh -Drest.api.publisher.allowed.origins=https://null.jsbin.com -Drest.api.devportal.allowed.origins=https://null.jsbin.com,https://fiddle.jshell.net -Drest.api.gateway.allowed.origins=https://null.jsbin.com -Drest.api.service.catalog.allowed.origins=https://js.do