[keyserver] Update CORS
a02da8a6a22b
Actions

Description

[keyserver] Update CORS

Summary:
ENG-4768
We want the web app to call squadcal instead of web.comm.app which means we need to setup new cors headers so the browser doesn't reject the request. We can use the express middleware from cors library to automatically handle adding cors headers to requests and handling preflight requests (where the browser first sends and OPTION request).

Test Plan:
To test this:

First we need to start hosting the web app on a different origin, so the browser will require a CORS header for the requests. We can do it like this:
- Edit /etc/hosts file and add 127.0.0.1 test.localhost line. Thanks to this we can navigate to test.localhost:3000/comm/ and still get redirected to 127.0.0.1 (note: for some reason this continued to work for me even without this line on some browsers)
- Modify domains in webapp_cors.json and commapp_url.json to http://test.localhost:3000
Then we want to make the the webapp connect to the keyserver endpoints (squadCalRouter). Modify the default dev urlPrefix in web/redux/default-state.js to http://localhost:3000 (remove the /comm)
- We also need to change the proxy in squadcal_url.json to "none" because otherwise keyserver tries to determine the request api like it was redirected from apache and fails. As I don't have a proxy setup I need to change this setting.
Load the web app
- Without CORS middleware the initial-redux-state request fails with Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource
- With CORS middleware (changes in this diff) the request goes through

I have also confirmed that after removing the upload-endpoint-specific CORS setup, uploads still load on the web app (both media uploaded before the CORS changes and after the changes).
Also tested if both nix develop and keyserver migration created the new file.

Adding @ashoat as reviewer because of new dependency.

Reviewers: inka, kamil, atul, ashoat

Reviewed By: kamil, ashoat

Subscribers: tomek, wyilio, ashoat

Differential Revision: https://phab.comm.dev/D9396

Details

Provenance

Michal Gniadek <michal.gniadek@swmansion.com>

Authored on Sep 29 2023, 7:41 AM

Reviewer

kamil

Differential Revision

D9396: [keyserver] Update CORS

Parents

rCOMM3300e9a1834f: [keyserver] Remove table prefix in sql query

Branches

Unknown

Tags

Unknown

Event Timeline

Michal Gniadek <michal.gniadek@swmansion.com> committed rCOMMa02da8a6a22b: [keyserver] Update CORS (authored by Michal Gniadek <michal.gniadek@swmansion.com>).Oct 31 2023, 2:54 AM

Michal Gniadek <michal.gniadek@swmansion.com> added an edge: D9396: [keyserver] Update CORS.

Michal Gniadek <michal.gniadek@swmansion.com> added a subscriber: ashoat.