Merge pull request #25 from bcgov/FSADT1-287-api-gateway

Merge: fix cors issue for api services portal
bcgov · Aug 17, 2022 · c8387ce · c8387ce
2 parents 93df460 + 9c36c0f
commit c8387ce
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 13 deletions.
diff --git a/.github/gwa/apiService.sh b/.github/gwa/apiService.sh
@@ -20,6 +20,7 @@ services:
     - /
     methods:
     - GET
+    - OPTIONS
     strip_path: false
     https_redirect_status_code: 426
     path_handling: v0

diff --git a/.github/gwa/service.yaml b/.github/gwa/service.yaml
@@ -14,6 +14,7 @@ services:
           - /
         methods:
           - GET
+          - OPTIONS
         strip_path: false
         https_redirect_status_code: 426
         path_handling: v0
@@ -31,3 +32,20 @@ services:
         config:
           hide_groups_header: true
           allow: [E990939D]
+      - name: cors
+        tags: [ns.d2723f.test]
+        config:
+          origins: ["*"]
+          methods: [GET, POST, PUT, DELETE, PATCH]
+          headers:
+            [
+              Connection,
+              Upgrade,
+              Cache-Control,
+              Access-Control-Allow-Headers,
+              Access-Control-Request-Headers,
+              X-API-KEY,
+              Keep-Alive,
+            ]
+          credentials: true
+          max_age: 3600
diff --git a/backend/src/main.ts b/backend/src/main.ts
@@ -8,19 +8,19 @@ async function bootstrap() {
   const app = await NestFactory.create(AppModule);
 
   // enable cors only for our frontend/backend address
-  // const whitelist = [process.env.FRONTEND_URL, process.env.BACKEND_URL];
-  // app.enableCors({
-  //   origin: (origin, callback) => {
-  //     if (!origin || whitelist.indexOf(origin) !== -1) {
-  //       callback(null, true);
-  //     }
-  //     // else {
-  //     //   callback(new Error('Not allowed by CORS'));
-  //     // }
-  //   },
-  // });
-
-  app.enableCors();
+  const whitelist = [process.env.FRONTEND_URL, process.env.BACKEND_URL];
+  app.enableCors({
+    origin: (origin, callback) => {
+      if (!origin || whitelist.indexOf(origin) !== -1) {
+        callback(null, true);
+      }
+      // else {
+      //   callback(new Error('Not allowed by CORS'));
+      // }
+    },
+  });
+
+  // app.enableCors();
 
   app.use(bodyParser.json({ limit: '100mb' }));