chore: CORs option for yarn dev server (#7630)

* chore: Yarn dev servers require CORs headers for external proxies

Adds a flag to set CORs headers to `*` for yarn dev servers

coderd/httpmw/cors.go

@@ -0,0 +1,27 @@
+package httpmw
+
+import (
+	"net/http"
+
+	"github.com/go-chi/cors"
+)
+
+//nolint:revive
+func Cors(allowAll bool, origins ...string) func(next http.Handler) http.Handler {
+	if len(origins) == 0 {
+		// The default behavior is '*', so putting the empty string defaults to
+		// the secure behavior of blocking CORs requests.
+		origins = []string{""}
+	}
+	if allowAll {
+		origins = []string{"*"}
+	}
+	return cors.Handler(cors.Options{
+		AllowedOrigins: origins,
+		// We only need GET for latency requests
+		AllowedMethods: []string{http.MethodOptions, http.MethodGet},
+		AllowedHeaders: []string{"Accept", "Content-Type", "X-LATENCY-CHECK", "X-CSRF-TOKEN"},
+		// Do not send any cookies
+		AllowCredentials: false,
+	})
+}