Allow a more flexible AllowOrigin response

[aspnet-hello]

From @mharthoorn on Wednesday, October 5, 2016 12:43:56 PM

Instead of the CorsService peeking into the CorsPolicy

   policy.Origins.Contains(origin)

A method OriginAllowed(string origin) would allow for a much more flexible lookup policy. The service would then call:

  policy.OriginAllowed(origin)

This allows the policy to respond with a more ad hoc response like a (database) lookup.
The default would simply be:

        public virtual bool OriginAllowed(string origin)
        {
            return this.Origins.Contains(origin);
        }

But an override policy could become something like:

        public override bool OriginAllowed(string origin)
        {
            return repository.Exists<Sites>(s => s.Origin == origin);
        }

Copied from original issue: aspnet/CORS#89

[aspnet-hello]

From @Choc13 on Sunday, October 30, 2016 9:57:37 AM

See issue #75

[aspnet-hello]

From @Eilon on Wednesday, November 23, 2016 2:35:06 PM

We will consider this for the next version.

[pranavkm]

This is true today - CorsService uses CorsPolicy.IsOriginAllowed to determine if an origin is allowed. CorsPolicy has a settable delegate that lets you configure it - https://github.com/aspnet/CORS/blob/master/src/Microsoft.AspNetCore.Cors/Infrastructure/CorsPolicy.cs#L77