Feature: Option to allow not setting CORS origins (allowed_origins)

[alexrussell]

In Auth0, the value for this inherits from the callbacks parameter and it's only for use if you want to add extra origins on, see the field description:

... By default, all your callback URLs will be allowed. This field allows you to enter other origins if you need to. You can specify multiple valid URLs by comma-separating them or one by line, and also use wildcards at the subdomain level (e.g.: https://*.contoso.com). ...

I don't know of a use-case for setting this field, but I imagine there are some for Auth0 to have it. So it's fine to keep the functionality in the plugin, but I feel that by default this field should not be amended by the plugin (as everything in the callback property will be implicitly in here).

Having an option to add to it is fine if needed, though even if people use this field in their normal Auth0 config, I still can't see why we'd use it - we only duplicate the callback stuff to all the fields.

Finally, as per #6, as you can see in the quoted text above, the description states that we can use * for wildcarding subdomains, so assuming the same assumptions from #6, we are unlikely to want to use this anyway, as devs can set up wildcard domains in the client config without needing all preview origins to be listed here. Unless my assumptions about the wildcard in #6 are indeed incorrect.

[alexrussell]

See also https://github.com/romainbessugesmeusy/netlify-plugin-auth0-patch-urls/issues/6#issuecomment-636741858 regarding wildcards subdomains.

[romainbessugesmeusy]

Will switch to wildcard subdomains, closing this issue. Thanks