fix CORS for deployments (#302)

helm · Jun 29, 2017 · 8364dab · 8364dab
1 parent 573ad36
commit 8364dab
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 8 deletions.
diff --git a/deployment/monocular/values.yaml b/deployment/monocular/values.yaml
@@ -36,9 +36,11 @@ api:
       #  source: my-repository-source
     cors:
       allowed_origins:
-        - my-api-server
+        - ""
+        # e.g. UI served on a different domain
+        # - http://monocular.local
       allowed_headers:
-        - "access-control-allow-headers"
+        - "content-type"
         - "x-xsrf-token"
     # Enable Helm deployment integration
     releasesEnabled: true

diff --git a/docs/config.example.yaml b/docs/config.example.yaml
@@ -15,9 +15,9 @@ repos:
 
 # cors:
 #   allowed_origins:
-#     - my-api-server
+#     - my-ui-hostname
 #   allowed_headers:
-#     - "access-control-allow-headers"
+#     - "content-type"
 #     - "x-xsrf-token"
 
 # Enables Helm deployment integration

diff --git a/src/api/config/cors/cors.go b/src/api/config/cors/cors.go
@@ -27,8 +27,8 @@ func defaultCors() (Cors, error) {
 	}
 	// Defaults
 	return Cors{
-		AllowedOrigins: []string{"my-api-server"},
-		AllowedHeaders: []string{"access-control-allow-headers", "x-xsrf-token"},
+		AllowedOrigins: []string{""},
+		AllowedHeaders: []string{"content-type", "x-xsrf-token"},
 	}, nil
 }
 

diff --git a/src/api/config/cors/cors_test.go b/src/api/config/cors/cors_test.go
@@ -12,8 +12,8 @@ var configFileOk = filepath.Join("..", "testdata", "config.yaml")
 var configFileNotOk = filepath.Join("..", "testdata", "bogus_config.yaml")
 var configFileNoCors = filepath.Join("..", "testdata", "nocors_config.yaml")
 var defaultExpectedCors = Cors{
-	AllowedOrigins: []string{"my-api-server"},
-	AllowedHeaders: []string{"access-control-allow-headers", "x-xsrf-token"},
+	AllowedOrigins: []string{""},
+	AllowedHeaders: []string{"content-type", "x-xsrf-token"},
 }
 
 func TestConfigFileDoesNotExist(t *testing.T) {