Add CORS Headers for PKCE SPA OIDC Code flow apps

bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpLoginImpl.java

@@ -326,7 +326,14 @@ public class OidcOpLoginImpl implements OidcOpLogin {
 				throw new OidcAuthenticationException("cannot create hash at the moment. This is bad.");
 			}
 		}
-	
+
+		if (clientConfig.getGenericStore().containsKey("cors_allow_regex")) {
+			String origin = request.getHeader("Origin");
+			if (origin.matches(clientConfig.getGenericStore().get("cors_allow_regex"))) {
+				response.setHeader("Access-Control-Allow-Origin", origin);
+			}
+		}
+			
 		IdentityEntity identity = flowState.getIdentity();
 
 		if (identity == null) {

bwreg-webapp/src/main/java/edu/kit/scc/webreg/oauth/OidcCertsController.java

@@ -51,6 +51,8 @@ public class OidcCertsController {
 	@Produces(MediaType.APPLICATION_JSON)
 	public String auth(@PathParam("realm") String realm, @Context HttpServletRequest request, @Context HttpServletResponse response)
 			throws IOException, OidcAuthenticationException {
+	
+		response.setHeader("Access-Control-Allow-Origin", "*");
 		
 		try {
 			logger.debug("certs called for {}", realm);

bwreg-webapp/src/main/java/edu/kit/scc/webreg/oauth/OidcWellknownController.java

@@ -47,6 +47,8 @@ public class OidcWellknownController {
 	public JSONObject wellknown(@PathParam("realm") String realm, @Context HttpServletRequest request, @Context HttpServletResponse response)
 			throws ServletException {
 
+		response.setHeader("Access-Control-Allow-Origin", "*");
+		
 		OidcOpConfigurationEntity opConfig = opService.findByRealmAndHost(realm, request.getServerName());
 		
 		if (opConfig == null) {