From 106cb5a5f452bed48a556a856a1f552b0ff89f1c Mon Sep 17 00:00:00 2001 From: Luca Casonato Date: Tue, 5 Mar 2024 14:28:28 +0100 Subject: [PATCH] feat: add cors to API endpoints --- terraform/buckets.tf | 2 ++ terraform/cloud_run_api.tf | 2 ++ terraform/https.tf | 9 +++++++++ 3 files changed, 13 insertions(+) diff --git a/terraform/buckets.tf b/terraform/buckets.tf index 4d01df29..69c87334 100644 --- a/terraform/buckets.tf +++ b/terraform/buckets.tf @@ -63,6 +63,8 @@ resource "google_compute_backend_bucket" "modules" { "Content-Security-Policy: default-src 'none'; script-src 'none'; style-src 'none'; img-src 'none'; font-src 'none'; connect-src 'none'; frame-src 'none'; object-src 'none'; frame-ancestors 'none'; sandbox; form-action 'none';", "x-jsr-cache-id: {cdn_cache_id}", "x-jsr-cache-status: {cdn_cache_status}", + "access-control-allow-origin: *", + "access-control-expose-headers: *", ] cdn_policy { cache_mode = "USE_ORIGIN_HEADERS" diff --git a/terraform/cloud_run_api.tf b/terraform/cloud_run_api.tf index 1537d20e..bcabb037 100644 --- a/terraform/cloud_run_api.tf +++ b/terraform/cloud_run_api.tf @@ -123,6 +123,8 @@ resource "google_compute_backend_service" "registry_api" { custom_response_headers = [ "x-jsr-cache-id: {cdn_cache_id}", "x-jsr-cache-status: {cdn_cache_status}", + "access-control-allow-origin: *", + "access-control-expose-headers: *", ] enable_cdn = true diff --git a/terraform/https.tf b/terraform/https.tf index 40b7ba31..381db0c2 100644 --- a/terraform/https.tf +++ b/terraform/https.tf @@ -48,10 +48,19 @@ resource "google_compute_url_map" "frontend_https" { path_matcher { name = "api" + default_route_action { url_rewrite { path_prefix_rewrite = "/api" } + cors_policy { + allow_methods = ["HEAD", "GET", "POST", "PUT", "PATCH", "DELETE"] + allow_credentials = false + expose_headers = ["*"] + allow_origins = ["*"] + allow_headers = ["Authorization", "X-Cloud-Trace-Context"] + max_age = 3600 + } } default_service = google_compute_backend_service.registry_api.self_link }