Native CORS support for defichain #330

Merged (3 commits) on Apr 21, 2021

@prasannavl (Member) commented Apr 18, 2021

What kind of PR is this?:

/kind feature

What this PR does / why we need it:

This adds native support for CORS for the RPC API.

This enables the following:

  • Allows whitelisting communication from browser, only for the specific given origins.
  • Ability to build web based apps that can use the RPC API when explicitly specified

Details

This adds the following flags to defid:

-rpcallowcors=<host> Allow CORS requests from the given host origin. 
Include scheme and port (eg: -rpcallowcors=http://127.0.0.1:5000)

When the defid is executed with, for instance: defid -rpcallowcors=http://127.0.0.1:5000

This PR adds CORS support that's needed by modern browsers to allow the specific origin to communicate with node directly.

Note: Using wildcards for Origin * is NOT supported, since this also sets up the Allow-Credentials flag that according to RFC requires that the origin is explicit.

This enables scenarios like BirthdayResearch/defichain-app#766 natively with defichain without the need for proxies that often complicate end to end security.

Example:

Screenshot from 2021-04-18 18-43-52

Screenshot from 2021-04-18 18-57-01

@ShengguangXiao (Contributor) commented Apr 19, 2021

@prasannavl How to test it using a browser or command line?

@prasannavl (Member, Author)

The python test as a part of the PR should help with info on testing this with the command line.

For the browser, as one example, please see: BirthdayResearch/defichain-app#766. (It also requires the other PRs labelled in the comments).

@ShengguangXiao (Contributor)

I think I get it now: on testnet, start with option -rpcallowcors=http://127.0.0.1:5000, then use the command curl -X OPTIONS http://127.0.0.1:18554 -i to get the reply below.

HTTP/1.1 204 No Content
Access-Control-Allow-Origin: http://127.0.0.1:5000
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: Content-Type, Authorization
Date: Mon, 19 Apr 2021 04:25:25 GMT

@prasannavl (Member, Author)

@ShengguangXiao indeed. Enables libevent to respond to OPTIONS, as well as add headers to all other (POST) requests.
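
Added example, not part of the PR or the discussion: a Python check that audits a preflight reply like the one quoted above against the explicitly configured origin, and flags the wildcard-with-credentials combination the PR description rules out. The sample responses are constructed, and the function names `parse_response` and `audit_cors` are hypothetical.

```python
from email import message_from_string

def parse_response(raw):
    """Split a raw HTTP response into (status_code, lower-cased header dict)."""
    head = raw.strip().replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    msg = message_from_string(header_block)
    return int(status_line.split()[1]), {k.lower(): v.strip() for k, v in msg.items()}

def audit_cors(raw, allowed_origins):
    """Return a list of findings; an empty list means the reply matches policy."""
    _, h = parse_response(raw)
    origin = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if origin is None:
        return ["no Access-Control-Allow-Origin header: CORS not enabled"]
    findings = []
    if origin == "*":
        findings.append("wildcard origin: not tied to an explicit allowlisted origin")
        if creds:
            # Browsers refuse credentialed requests when the origin is a wildcard.
            findings.append("wildcard origin combined with Allow-Credentials: true")
    elif origin == "null":
        findings.append("'null' origin allowed (sandboxed iframes, local files)")
    elif origin not in allowed_origins:
        findings.append(f"unexpected origin {origin!r}: not in the configured allowlist")
    return findings

# Constructed samples: GOOD mirrors the reply quoted in the thread,
# BAD swaps the explicit origin for a wildcard.
GOOD = """HTTP/1.1 204 No Content
Access-Control-Allow-Origin: http://127.0.0.1:5000
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: Content-Type, Authorization
"""
BAD = GOOD.replace("http://127.0.0.1:5000", "*")

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_cors(raw, {"http://127.0.0.1:5000"}) or "ok")
```

To audit a live node, feed the output of the `curl -X OPTIONS ... -i` command from the thread into `audit_cors` together with the set of origins passed via `-rpcallowcors`.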

@monstrobishi monstrobishi merged commit 73ec427 into DeFiCh:master Apr 21, 2021