internal-endpoint-testing: introduce mandatoryheaders in cors config

Signed-off-by: Lahiru De Silva <lahirude@wso2.com>

adapter/config/default_config.go

@@ -84,6 +84,7 @@ var defaultConfig = &Config{
 				"testKey", "Internal-Key"},
 			AllowCredentials: false,
 			ExposeHeaders:    []string{},
+			MandatoryHeaders: []string{"x-choreo-test-session-id"},
 		},
 		Upstream: envoyUpstream{
 			TLS: upstreamTLS{

adapter/config/types.go

@@ -216,6 +216,7 @@ type globalCors struct {
 	AllowHeaders     []string
 	AllowCredentials bool
 	ExposeHeaders    []string
+	MandatoryHeaders []string
 }
 
 // Envoy Upstream Related Configurations

adapter/internal/oasparser/envoyconf/routes_with_clusters.go

@@ -1455,8 +1455,14 @@ func getCorsPolicy(corsConfig *model.CorsConfig) *cors_filter_v3.CorsPolicy {
 		return nil
 	}
 
-	// Append `x-choreo-test-session-id` used for internal endpoint testing to AccessControlAllowHeaders.
-	corsConfig.AccessControlAllowHeaders = append(corsConfig.AccessControlAllowHeaders, choreoTestSessionHeaderName)
+	conf, errReadConfig := config.ReadConfigs()
+	if errReadConfig != nil {
+		logger.LoggerOasparser.Error("Error loading configuration. ", errReadConfig)
+		return nil;
+	}
+	if len(conf.Envoy.Cors.MandatoryHeaders) > 0 {
+		corsConfig.AccessControlAllowHeaders = append(corsConfig.AccessControlAllowHeaders, conf.Envoy.Cors.MandatoryHeaders...)
+	}
 
 	stringMatcherArray := []*envoy_type_matcherv3.StringMatcher{}
 	for _, origin := range corsConfig.AccessControlAllowOrigins {