feat(endpoint): pass checking function to corsica origins

this valid_origin? takes origins config from env and uses
Corsica.allowed_origin? to check if the incoming request is valid

lib/epochtalk_server_web/endpoint.ex

@@ -6,14 +6,19 @@ defmodule EpochtalkServerWeb.Endpoint do
   plug RemoteIp
 
   # cors configuration
-  corsica_config = Application.get_env(:epochtalk_server, :corsica)
   plug Corsica,
-    origins: corsica_config.origins,
+    origins: {__MODULE__, :valid_origin?, []},
     allow_headers: :all,
     allow_credentials: false,
     allow_private_network: true,
     expose_headers: ["epoch-viewer", "api-key", "x-api-key"]
 
+  def valid_origin?(conn, _origin) do
+    origins = Application.get_env(:epochtalk_server, :corsica).origins
+    options = %Corsica.Options{origins: origins}
+    Corsica.allowed_origin?(conn, options)
+  end
+
   socket "/socket", EpochtalkServerWeb.UserSocket,
     websocket: true,
     longpoll: false