Allow multiple origin domains for CORS

[danielvijge]

Summary

When several domains consume an API, the CORS header Access-Control-Allow-Origin is not as useful, because it only allows one domain, or all domains (with "*"). The specs do not allow for a list of domains. This change works around this by comparing the Origin header to a list of configured domain in the array 'origin_domains'. It tests if the end of the domain matches either ".{domain}" or "//{domain}". Thus, if origins_domain="example.com, example.net", a request from Origin="http://www.example.com" would be allowed, as does a request from Origin="http://example.com". But Origin="http://my-example.com" is not allowed. In this case, no Access-Control-Allow-Origin header is set.
If both origin and origin_domains are configured, origin_domains take precedence over origin.

Full changelog

• Changes to CORS plugin schema to have extra configuration for origin_domains[]
• Changes to CORS plugin handler to test for multiple domain and set correct header
• Changes to test script to test if the correct header is set when the origin domain matches
• Changes to test script to test if the header remains empty when the origin domain does not match

Issues resolved

Fix #1043

[subnetmarco]

Hello @danielvijge - can you please rebase on top of next. Tests should be working once you do that.

[pklingem]

commenting to revive this PR.

[subnetmarco]

@danielvijge I added some comments. Can you also rebase on top of next?

[thibaultcha]

Replaced by #2203, thanks!