CORS Proxy with allowlist support

Created by: pecigonzalo

To support some of our extensions, we need to send requests to multiple known APIs which might not provide CORS headers by default. The extensions, which run as part of the website code, must receive appropriate CORS headers to work.

We need to provide a valid CORS proxy, which supports the following features:

  • Supports setting an allowlist set of endpoints: We want to prevent hosting an open proxy and only forward requests to a certain number of APIs.
  • Disallow connection to internal services: We want to ensure the service does not act as a proxy to other internal services.
  • Support rate-limit: We want to ensure the endpoint is not abused.

Notes

Rob--W/cors-anywhere seems like a possible solution, but unfortunately, it does not yet support limiting requests to an allowlist.

Additional resources:
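
The three requirements listed above, sketched as an added example for Node.js (not part of the original issue and not cors-anywhere code). The allowlisted host names, the limits, and the function names `checkTarget`, `isInternal` and `makeRateLimiter` are assumptions made for illustration.

```javascript
// Added example, not cors-anywhere code. Host names and limits are constructed.
const net = require("node:net");

const ALLOWED_HOSTS = new Set(["api.example.com", "status.example.org"]);

// Ranges the proxy must never connect to: loopback, private, link-local, CGNAT.
const internal = new net.BlockList();
for (const [addr, bits] of [["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10],
  ["127.0.0.0", 8], ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16]]) {
  internal.addSubnet(addr, bits, "ipv4");
}
for (const [addr, bits] of [["::", 127], ["fc00::", 7], ["fe80::", 10]]) {
  internal.addSubnet(addr, bits, "ipv6");
}

function isInternal(ip) {
  const family = net.isIP(ip);
  if (family === 0) return true; // not an IP literal: fail closed
  return internal.check(ip, family === 4 ? "ipv4" : "ipv6");
}

// resolvedIps: the addresses DNS returned for the target host. The caller
// should connect to one of these exact addresses so that a second lookup
// cannot return something different from what was checked.
function checkTarget(rawUrl, resolvedIps) {
  let url;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: "invalid-url" }; }
  if (url.protocol !== "https:") return { ok: false, reason: "scheme" };
  if (url.username || url.password || url.port) return { ok: false, reason: "authority" };
  if (!ALLOWED_HOSTS.has(url.hostname)) return { ok: false, reason: "host-not-allowed" };
  if (resolvedIps.length === 0 || resolvedIps.some(isInternal)) {
    return { ok: false, reason: "internal-address" };
  }
  return { ok: true, reason: "allowed" };
}

// Fixed-window rate limit per client key (for example the client IP).
function makeRateLimiter(limit, windowMs) {
  const hits = new Map(); // key -> { start, count }
  return function allow(key, now = Date.now()) {
    const h = hits.get(key);
    if (!h || now - h.start >= windowMs) {
      hits.set(key, { start: now, count: 1 });
      return true;
    }
    h.count += 1;
    return h.count <= limit;
  };
}
```

A proxy would call `allow(clientKey)` first, then `checkTarget(url, ips)` with the result of its own DNS lookup, and forward only when both pass.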