now that user_auth is a module, how would I customize CORS given I need to allow other domains to access `api.my_domain_name`.
karimkawambwa opened this issue · comments
https://github.com/commitdev/terraform-aws-zero/blob/main/modules/user_auth/main.tf#L201-L204
Perhaps add the ability to specify a wildcard?
Or the ability to customize nginx.ingress.kubernetes.io/configuration-snippet
.
Yeah unfortunately with the nginx ingress the only way to allow multiple CORS domains is by adding a configuration snippet like this:
ingress.kubernetes.io/configuration-snippet: |
if ($http_origin ~ '^https:\/\/(.*\.)?example\.(com|net)$') {
set $allow_origin $http_origin;
}
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: $allow_origin';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Client-Identifier';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: $allow_origin';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Client-Identifier';
So inside the module we could add the configuration snippet, and add a variable to accept a list of domains or a domain regex.
So inside the module we could add the configuration snippet, and add a variable to accept a list of domains or a domain regex.
having this variable would be great if this is the best way (i can't think of any other way). I had a snippet before that I would like to use.
We could have both. Always specify this snippet for cors stuff, and then have another variable that allows a user to pass in additional configuration, which we would just append in that block.