feat(cors): ✨ update SetCORSHeaders to accept Request

* Modify SetCORSHeaders function to include Request parameter.
* Set Access-Control-Allow-Origin and Access-Control-Allow-Headers to "*".
* Update all relevant calls to SetCORSHeaders across the codebase.

pkg/common/cors.go

@@ -114,11 +114,14 @@ func GetHeadSpecHeaders() []string {
 }
 
 // SetCORSHeaders sets CORS headers on a response writer
-func SetCORSHeaders(w ResponseWriter, config CORSConfig) {
+func SetCORSHeaders(w ResponseWriter, r Request, config CORSConfig) {
 	// Set allowed origins
-	if len(config.AllowedOrigins) > 0 {
-		w.SetHeader("Access-Control-Allow-Origin", strings.Join(config.AllowedOrigins, ", "))
-	}
+	// if len(config.AllowedOrigins) > 0 {
+	// 	w.SetHeader("Access-Control-Allow-Origin", strings.Join(config.AllowedOrigins, ", "))
+	// }
+
+	// Todo origin list parsing
+	w.SetHeader("Access-Control-Allow-Origin", "*")
 
 	// Set allowed methods
 	if len(config.AllowedMethods) > 0 {
@@ -126,9 +129,10 @@ func SetCORSHeaders(w ResponseWriter, config CORSConfig) {
 	}
 
 	// Set allowed headers
-	if len(config.AllowedHeaders) > 0 {
-		w.SetHeader("Access-Control-Allow-Headers", strings.Join(config.AllowedHeaders, ", "))
-	}
+	// if len(config.AllowedHeaders) > 0 {
+	// 	w.SetHeader("Access-Control-Allow-Headers", strings.Join(config.AllowedHeaders, ", "))
+	// }
+	w.SetHeader("Access-Control-Allow-Headers", "*")
 
 	// Set max age
 	if config.MaxAge > 0 {
@@ -139,5 +143,7 @@ func SetCORSHeaders(w ResponseWriter, config CORSConfig) {
 	w.SetHeader("Access-Control-Allow-Credentials", "true")
 
 	// Expose headers that clients can read
-	w.SetHeader("Access-Control-Expose-Headers", "Content-Range, X-Api-Range-Total, X-Api-Range-Size")
+	exposeHeaders := config.AllowedHeaders
+	exposeHeaders = append(exposeHeaders, "Content-Range", "X-Api-Range-Total", "X-Api-Range-Size")
+	w.SetHeader("Access-Control-Expose-Headers", strings.Join(exposeHeaders, ", "))
 }