falcon
Support dynamic CORS origin allow list
In some cases it is useful to allow a dynamic list of CORS origin domains, for example a wildcarded list of subdomains. A feature that is available in some other CORS middleware is to allow a function to be passed in to do this. For example:
https://expressjs.com/en/resources/middleware/cors.html#configuring-cors-w-dynamic-origin
One way to implement this might be to pass a function for allow_origin to the middleware which can be called in process_response.
Hi @willnewton! And thanks for this interesting proposal.
I've added the needs-decision label since in general I think we want to keep the CORS functionality pretty simple and basic; maybe this would make more sense as part of a specialized add-on such as falcon-cors?
As a workaround, you can also set the Access-Control-Allow-Origin header to a custom value where it needs to deviate from the default list of domains. If you set the header in your responder, hook or middleware that runs before CORSMiddleware's process_response() method, CORSMiddleware won't interfere with it.
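A sketch of the workaround described in the reply above, as an added example that is not code from this thread or from the Falcon project. `DynamicOriginMiddleware`, `origin_allowed` and the idea of a suffix list are hypothetical names chosen here; the class is a duck-typed Falcon middleware that relies only on `req.get_header()`, `resp.set_header()` and `resp.append_header()`, and it sets the header in `process_request()` so that it is in place before any `process_response()` runs.

```python
from urllib.parse import urlsplit


def origin_allowed(origin, allowed_suffixes, allowed_schemes=("https",)):
    """Return True if the Origin's host is an allowed domain or a subdomain of one."""
    if not origin or origin == "null":
        return False
    try:
        parts = urlsplit(origin)
        host = parts.hostname  # lower-cased by urlsplit
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    # An Origin header is scheme://host[:port] only; reject anything else.
    if parts.scheme not in allowed_schemes or not host:
        return False
    if parts.path or parts.query or parts.fragment or parts.username:
        return False
    # Compare on a label boundary so "evilexample.com" and
    # "example.com.attacker.test" do not match "example.com".
    return any(host == s or host.endswith("." + s) for s in allowed_suffixes)


class DynamicOriginMiddleware:
    """Falcon-style middleware (hypothetical) for wildcarded subdomain origins."""

    def __init__(self, allowed_suffixes):
        self._suffixes = tuple(s.lower() for s in allowed_suffixes)

    def process_request(self, req, resp):
        # Runs before any process_response(), so the header is already
        # present when CORSMiddleware inspects the response.
        origin = req.get_header("Origin")
        if origin_allowed(origin, self._suffixes):
            # Echo the validated origin, never "*", and tell caches that
            # the response varies with the Origin request header.
            resp.set_header("Access-Control-Allow-Origin", origin)
            resp.append_header("Vary", "Origin")
```

The suffix comparison is the part most often gotten wrong when an allow list becomes dynamic: a plain substring or unanchored regex match would accept look-alike hosts that merely contain the trusted domain.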