Add a CORS header injection Interceptor

It an option `:allow` option to define which origins are allowed.

This may be a static string or a function which will be passed the
current `req` and `stream` structs to choose what to allow.

Author: aseigo

lib/grpc/server/interceptors/cors.ex

@@ -0,0 +1,23 @@
+defmodule GRPC.Server.Interceptors.CORS do
+  @behaviour GRPC.Server.Interceptor
+  @impl true
+  def init(opts) do
+    case Keyword.get(opts, :allow) do
+      fun when is_function(fun, 2) -> fun
+      static when is_binary(static) -> fn _, _ -> static end
+      _ -> fn _, _ -> "*" end
+    end
+  end
+
+  @impl true
+  def call(req, stream, next, allowed_fn) do
+    if stream.client_type != :grpc do
+      stream.adapter.set_headers(stream.payload, %{
+        "access-control-allow-origin" => allowed_fn.(req, stream),
+        "access-control-allow-headers" => "content-type, x-grpc-web, x-user-agent, x-api-key"
+      })
+    end
+
+    next.(req, stream)
+  end
+end