[OPTIONS] Restrict preflight for defined origins (clients) only

[and-ratajski]

Allow only selected origins (clients) to pass their OPTIONS requests through cx-treafik-forward-auth. For the time being, if the AUTH_ALLOW_UNSEC_OPTIONS is set to true all OPTIONS requests are accepted.

Ref:

cx-traefik-forward-auth/app/src/app.ts

Lines 51 to 67 in 96395e0

	* TODO: Restrict preflight for defined origins (clients) only.
	*/
	if (AUTH_ALLOW_UNSEC_OPTIONS) {
	app.use(
	async (req: Request, res: Response, next: NextFunction): Promise<void> => {
	if (req.headers["x-forwarded-method"] === "OPTIONS") {
	logger.debug(
	`Detected OPTIONS request from ${req.url} - passing through!`
	);
	res.sendStatus(200);
	return;
	} else {
	next();
	}
	}
	);
	}