Fix https://github.com/spring-projects/spring-framework/issues/24763
I have modified CorsConfiguration to support pattern-based origins.
Obviously that can be done in different ways, like using something else instead of standard java Pattern or creating a new delegatePatternCorsConfiguration instead of modifying existing one, so please let me know if the approach I've chosen is not the most suitable.
Comment From: korektur
@sdeleuze @rstoyanchev can you review please?
Comment From: rstoyanchev
@korektur, on a first pass this looks okay to me and I can take it from here.
One thing I'd like to refine is the pattern syntax to be just wildcards, as in your original https://github.com/spring-projects/spring-framework/issues/24763#issue-585831901 "*.company.com" rather than a full regex expression ".*\\.company\\.com". Internally it can still be converted to a regex so this is more about keeping the syntax simpler and more readable. Does that work for your cases?
Note also that typically it is better to rebase your PR rather than doing merges. I have corrected that locally, so please don't make any further changes.
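The wildcard-to-regex conversion suggested in the comment above, as an added example that is not part of this PR and not Spring's implementation. The class name, the `toRegex` and `allowed` helpers and the sample origins are constructed for illustration.

```java
import java.util.regex.Pattern;

// Added illustration only; this is not Spring's CorsConfiguration code.
public class OriginPatternDemo {

    // Hypothetical helper: turn a wildcard origin pattern into a regex.
    // Literal segments are quoted so "." matches only a dot; each "*" becomes ".*".
    static Pattern toRegex(String wildcard) {
        String[] parts = wildcard.split("\\*", -1);
        StringBuilder regex = new StringBuilder();
        for (int i = 0; i < parts.length; i++) {
            if (i > 0) {
                regex.append(".*");
            }
            if (!parts[i].isEmpty()) {
                regex.append(Pattern.quote(parts[i]));
            }
        }
        return Pattern.compile(regex.toString());
    }

    // matches() requires the whole origin to match, so nothing may
    // precede or follow the allowed pattern.
    static boolean allowed(Pattern pattern, String origin) {
        return origin != null && pattern.matcher(origin).matches();
    }

    public static void main(String[] args) {
        Pattern safe = toRegex("https://*.company.com");
        // Same wildcard pasted into a regex without quoting the dots.
        Pattern unquoted = Pattern.compile("https://.*.company.com");

        String[] origins = {               // constructed sample origins
            "https://app.company.com",
            "https://a.b.company.com",
            "https://company.com",
            "https://appXcompany.com",
            "https://app.company.com.other.example"
        };
        for (String origin : origins) {
            System.out.printf("%-40s quoted=%-5b unquoted=%b%n",
                    origin, allowed(safe, origin), allowed(unquoted, origin));
        }
    }
}
```

Only `https://appXcompany.com` differs between the two columns: the unquoted dot accepts it, while the quoted conversion rejects it.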
Comment From: korektur
@rstoyanchev yes, that makes sense.
Comment From: bb-deepak
@korektur curious if this is now available. Couldn't find any documentation for this.
Comment From: korektur
@bb-deepak yes it's available. You can find documentation here for example: https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/cors/CorsConfiguration.html#setAllowedOriginPatterns-java.util.List-
Comment From: bb-deepak
Thank you, it's indeed mentioned in the spring cors config docs, instead of mentioned as a configurable property in spring cloud gateway docs example hence a bit difficult to find - https://cloud.spring.io/spring-cloud-gateway/reference/html/#cors-configuration @korektur.
Comment From: michael-o
Can someone for the stupid explain why this violates CORS specs with "*" and allowCredentials: true? From an external point of view it does not matter how you match internally, this should just work like with previous fixed strings allowedOrigins.
FTR: https://stackoverflow.com/a/19744754/696632