(feat) allow cors to reflect origin

[y-nk]

Hello !

Just a small and simple PR to propose to follow up on your implementation of CORS checking. As you mentioned in the comment, it is following the express cors middleware, but missing one key feature: the ability to reflect origin when passing true as a setting value. You can find documentation here about it.

As currently developing an api, the team i work with is really dependent on this. We need to allow local development (with localhost) to target our dev environment (not localhost) along with passing credentials (withCredentials: true) in our requests. As you may know, settings cors to * won't do in that case, and we were hoping to find this feature here.

Let me know if some things are missing in this PR so we can move forward.

[coveralls]

Pull Request Test Coverage Report for Build 529

• 1 of 1 (100.0%) changed or added relevant line in 1 file are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage increased (+0.01%) to 92.578%

---

Totals
Change from base Build 521:	0.01%
Covered Lines:	688
Relevant Lines:	712

---

💛 - Coveralls

[y-nk]

@icebob as mentioned in the issue, if you prefer i can go for a bigger PR. Please let me know :)

[y-nk]

@icebob sorry for keeping you waiting. I finally updated the code according to #216 latest comments and made testing. It's worth noticing there's one breaking change here, as in default settings are not "*" anymore.