add new options for TEMPORAL_CORS_ORIGINS and TEMPORAL_CSRF_COOKIE_INSECURE

[danthegoodman1]

What was changed

Adds options for TEMPORAL_CORS_ORIGINS and TEMPORAL_CSRF_COOKIE_INSECURE

Why?

So they can be configured more explicitly than through the additionalEnvs, lacking documentation on them so surfacing to dedicated options makes it easier to find the functionality. Also this usage is quite common for privately-networked deployments.

Checklist

1. Closes #401

2. How was this tested:

helm template

3. Any docs updates needed?

No

[danthegoodman1]

@tsurdilo what's needed to merge this?

[CLAassistant]

All committers have signed the CLA.

[karelbilek]

@tsurdilo this would be very helpful

[karelbilek]

How will this work with multiple cors origins? I am trying to decode how is UI config separating them and I don't really understand all the pieces involved

[karelbilek]

I see the env name is TEMPORAL_CORS_ORIGINS so I guess multiple is possible

but I also see this in the conf template in ui repo

  allowOrigins:
    # override framework's default that allows all origins "*"
    - {{ default .Env.TEMPORAL_CORS_ORIGINS "http://localhost:8080" }}

this seems like the value is just put into single value list? Not sure

[karelbilek]

It was fixed here (already merged)

https://github.com/temporalio/ui/pull/1572

[jphilippelingrand]

Should we close this MR?

[robholland]

A link to the web UI config docs is now included in the values.yaml. I don't think we should special case these.