Mirror CORS request and allow credentials (#541)

Will follow with a separate PR to move this to 
developer mode.

Author: trueleo

server/src/handlers/livetail.rs

@@ -35,7 +35,7 @@ use arrow_flight::{
     HandshakeResponse, PutResult, SchemaResult, Ticket,
 };
 use tonic_web::GrpcWebLayer;
-use tower_http::cors::{Any, CorsLayer};
+use tower_http::cors::{AllowHeaders, AllowMethods, AllowOrigin, CorsLayer};
 
 use crate::livetail::{Message, LIVETAIL};
 use crate::metadata::STREAM_INFO;
@@ -175,11 +175,10 @@ pub fn server() -> impl Future<Output = Result<(), Box<dyn std::error::Error + S
     let svc = FlightServiceServer::new(service);
 
     let cors = CorsLayer::new()
-        // allow `GET` and `POST` when accessing the resource
-        .allow_methods(Any)
-        .allow_headers(Any)
-        .allow_origin(Any);
-    // allow requests from any origin
+        .allow_methods(AllowMethods::mirror_request())
+        .allow_headers(AllowHeaders::mirror_request())
+        .allow_origin(AllowOrigin::mirror_request())
+        .allow_credentials(true);
 
     Server::builder()
         .accept_http1(true)