New Rule: Require CORS (OWASP API8)

[philsturgeon]

User Story Description

As an API Designer I should probably create a shared CORS header and apply it to all my responses because I always forget to add CORS, and it would be nice if Spectral could remind me to spec it, so that Prism Proxy will remind me to actually code it in. Otherwise this will definitely go online without CORS.

Acceptance Criteria

• [x] MUST have Access-Control-Allow-Origin defined regardless of value.
• [x] The message points people to good CORS documentation
  • https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
  • https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

More information: https://apisecurity.io/encyclopedia/content/owasp/api7-security-misconfiguration

[github-actions[bot]]

:tada: This issue has been resolved in version 2.0.0 :tada:

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot :package::rocket: