fix(apigateway): allowedOrigins are incorrectly interpreted as regexes (

#26648)

Allowed origins for CORS preflight were treated like regular expressions in the checking condition.

For example, with this spec:
```
new apigateway.RestApi(this, 'api', {
      defaultCorsPreflightOptions: {
        allowOrigins: ['https://www.firstorigin.com', 'https://www.secondorigin.com'],
      }
    })
      .root
      .addResource('hello')
      .addMethod('GET', new apigateway.MockIntegration({}));
```

Calling:
```
http OPTIONS https://xxx.execute-api.xxx.amazonaws.com/prod/hello "Origin: https://wwwXsecondorigin.com"
```

The response header would include the header (allowing the invalid origin from the request):
```
Access-Control-Allow-Origin: https://wwwXsecondorigin.com
```

This fix solves the issue.

Closes #26623.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.cors-allow-multiple-origins.js.snapshot/asset.c7bba0d9d477c86c6dc2adb0eb95842634a1c040dd3a66b42eec2bb604644d4f.handler/index.ts

@@ -0,0 +1,11 @@
+exports.handler = async (evt: any) => {
+  // eslint-disable-next-line no-console
+  console.error(JSON.stringify(evt, undefined, 2));
+  return {
+    statusCode: 200,
+    body: 'hello, cors!',
+    headers: {
+      'Access-Control-Allow-Origin': '*',
+    },
+  };
+};

packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.cors-allow-multiple-origins.js.snapshot/cdk.out

@@ -0,0 +1 @@
+{"version":"33.0.0"}

packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.cors-allow-multiple-origins.js.snapshot/integ.json

@@ -0,0 +1,12 @@
+{
+  "version": "33.0.0",
+  "testCases": {
+    "integ-cors-allow-multiple-origins/DefaultTest": {
+      "stacks": [
+        "stack-cors-allow-multiple-origins"
+      ],
+      "assertionStack": "integ-cors-allow-multiple-origins/DefaultTest/DeployAssert",
+      "assertionStackName": "integcorsallowmultipleoriginsDefaultTestDeployAssertEBF0A1B1"
+    }
+  }
+}

packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.cors-allow-multiple-origins.js.snapshot/integcorsallowmultipleoriginsDefaultTestDeployAssertEBF0A1B1.assets.json

@@ -0,0 +1,19 @@
+{
+  "version": "33.0.0",
+  "files": {
+    "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
+      "source": {
+        "path": "integcorsallowmultipleoriginsDefaultTestDeployAssertEBF0A1B1.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}

packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.cors-allow-multiple-origins.js.snapshot/integcorsallowmultipleoriginsDefaultTestDeployAssertEBF0A1B1.template.json

@@ -0,0 +1,36 @@
+{
+ "Parameters": {
+  "BootstrapVersion": {
+   "Type": "AWS::SSM::Parameter::Value<String>",
+   "Default": "/cdk-bootstrap/hnb659fds/version",
+   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+  }
+ },
+ "Rules": {
+  "CheckBootstrapVersion": {
+   "Assertions": [
+    {
+     "Assert": {
+      "Fn::Not": [
+       {
+        "Fn::Contains": [
+         [
+          "1",
+          "2",
+          "3",
+          "4",
+          "5"
+         ],
+         {
+          "Ref": "BootstrapVersion"
+         }
+        ]
+       }
+      ]
+     },
+     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+    }
+   ]
+  }
+ }
+}

packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.cors-allow-multiple-origins.js.snapshot/manifest.json

@@ -0,0 +1,177 @@
+{
+  "version": "33.0.0",
+  "artifacts": {
+    "stack-cors-allow-multiple-origins.assets": {
+      "type": "cdk:asset-manifest",
+      "properties": {
+        "file": "stack-cors-allow-multiple-origins.assets.json",
+        "requiresBootstrapStackVersion": 6,
+        "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
+      }
+    },
+    "stack-cors-allow-multiple-origins": {
+      "type": "aws:cloudformation:stack",
+      "environment": "aws://unknown-account/unknown-region",
+      "properties": {
+        "templateFile": "stack-cors-allow-multiple-origins.template.json",
+        "validateOnSynth": false,
+        "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
+        "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/1680a1a109d409e5d8dfb509472821013a45d099b60b8498e38e31ac2cb1562b.json",
+        "requiresBootstrapStackVersion": 6,
+        "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
+        "additionalDependencies": [
+          "stack-cors-allow-multiple-origins.assets"
+        ],
+        "lookupRole": {
+          "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}",
+          "requiresBootstrapStackVersion": 8,
+          "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
+        }
+      },
+      "dependencies": [
+        "stack-cors-allow-multiple-origins.assets"
+      ],
+      "metadata": {
+        "/stack-cors-allow-multiple-origins/cors-api-test/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "corsapitest8682546E"
+          }
+        ],
+        "/stack-cors-allow-multiple-origins/cors-api-test/Deployment/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "corsapitestDeployment2BF1633Ad72428c37c88b8c23ef39eebb5b7e9fd"
+          }
+        ],
+        "/stack-cors-allow-multiple-origins/cors-api-test/DeploymentStage.prod/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "corsapitestDeploymentStageprod8F31F2AB"
+          }
+        ],
+        "/stack-cors-allow-multiple-origins/cors-api-test/Endpoint": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "corsapitestEndpointE63606AE"
+          }
+        ],
+        "/stack-cors-allow-multiple-origins/cors-api-test/Default/OPTIONS/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "corsapitestOPTIONS15560589"
+          }
+        ],
+        "/stack-cors-allow-multiple-origins/cors-api-test/Default/my-resource/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "corsapitestmyresource73D41BDD"
+          }
+        ],
+        "/stack-cors-allow-multiple-origins/cors-api-test/Default/my-resource/OPTIONS/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "corsapitestmyresourceOPTIONSD5275318"
+          }
+        ],
+        "/stack-cors-allow-multiple-origins/cors-api-test/Default/my-resource/GET/ApiPermission.stackcorsallowmultipleoriginscorsapitestC473FAE8.GET..my-resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "corsapitestmyresourceGETApiPermissionstackcorsallowmultipleoriginscorsapitestC473FAE8GETmyresourceB82B6C26"
+          }
+        ],
+        "/stack-cors-allow-multiple-origins/cors-api-test/Default/my-resource/GET/ApiPermission.Test.stackcorsallowmultipleoriginscorsapitestC473FAE8.GET..my-resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "corsapitestmyresourceGETApiPermissionTeststackcorsallowmultipleoriginscorsapitestC473FAE8GETmyresource29B41ABB"
+          }
+        ],
+        "/stack-cors-allow-multiple-origins/cors-api-test/Default/my-resource/GET/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "corsapitestmyresourceGET844C52EA"
+          }
+        ],
+        "/stack-cors-allow-multiple-origins/handler/ServiceRole/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "handlerServiceRole187D5A5A"
+          }
+        ],
+        "/stack-cors-allow-multiple-origins/handler/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "handlerE1533BD5"
+          }
+        ],
+        "/stack-cors-allow-multiple-origins/BootstrapVersion": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "BootstrapVersion"
+          }
+        ],
+        "/stack-cors-allow-multiple-origins/CheckBootstrapVersion": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "CheckBootstrapVersion"
+          }
+        ]
+      },
+      "displayName": "stack-cors-allow-multiple-origins"
+    },
+    "integcorsallowmultipleoriginsDefaultTestDeployAssertEBF0A1B1.assets": {
+      "type": "cdk:asset-manifest",
+      "properties": {
+        "file": "integcorsallowmultipleoriginsDefaultTestDeployAssertEBF0A1B1.assets.json",
+        "requiresBootstrapStackVersion": 6,
+        "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
+      }
+    },
+    "integcorsallowmultipleoriginsDefaultTestDeployAssertEBF0A1B1": {
+      "type": "aws:cloudformation:stack",
+      "environment": "aws://unknown-account/unknown-region",
+      "properties": {
+        "templateFile": "integcorsallowmultipleoriginsDefaultTestDeployAssertEBF0A1B1.template.json",
+        "validateOnSynth": false,
+        "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
+        "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
+        "requiresBootstrapStackVersion": 6,
+        "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
+        "additionalDependencies": [
+          "integcorsallowmultipleoriginsDefaultTestDeployAssertEBF0A1B1.assets"
+        ],
+        "lookupRole": {
+          "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}",
+          "requiresBootstrapStackVersion": 8,
+          "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
+        }
+      },
+      "dependencies": [
+        "integcorsallowmultipleoriginsDefaultTestDeployAssertEBF0A1B1.assets"
+      ],
+      "metadata": {
+        "/integ-cors-allow-multiple-origins/DefaultTest/DeployAssert/BootstrapVersion": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "BootstrapVersion"
+          }
+        ],
+        "/integ-cors-allow-multiple-origins/DefaultTest/DeployAssert/CheckBootstrapVersion": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "CheckBootstrapVersion"
+          }
+        ]
+      },
+      "displayName": "integ-cors-allow-multiple-origins/DefaultTest/DeployAssert"
+    },
+    "Tree": {
+      "type": "cdk:tree",
+      "properties": {
+        "file": "tree.json"
+      }
+    }
+  }
+}

packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/integ.cors-allow-multiple-origins.js.snapshot/stack-cors-allow-multiple-origins.assets.json

@@ -0,0 +1,32 @@
+{
+  "version": "33.0.0",
+  "files": {
+    "c7bba0d9d477c86c6dc2adb0eb95842634a1c040dd3a66b42eec2bb604644d4f": {
+      "source": {
+        "path": "asset.c7bba0d9d477c86c6dc2adb0eb95842634a1c040dd3a66b42eec2bb604644d4f.handler",
+        "packaging": "zip"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "c7bba0d9d477c86c6dc2adb0eb95842634a1c040dd3a66b42eec2bb604644d4f.zip",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    },
+    "1680a1a109d409e5d8dfb509472821013a45d099b60b8498e38e31ac2cb1562b": {
+      "source": {
+        "path": "stack-cors-allow-multiple-origins.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "1680a1a109d409e5d8dfb509472821013a45d099b60b8498e38e31ac2cb1562b.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}