Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CORS helpers #520

Open
jyecusch opened this issue Oct 17, 2023 · 2 comments
Open

CORS helpers #520

jyecusch opened this issue Oct 17, 2023 · 2 comments
Labels
enhancement New feature or request

Comments

@jyecusch
Copy link
Member

jyecusch commented Oct 17, 2023
edited
Loading

While CORS can currently be handled using middleware and by registering OPTIONS routes, we'd like to build this support into the framework to make it more convinient and ideally handle the responses as high up the infra stack as possible. For example, providing support for static responses to OPTIONS requests at the API Gateway or Nitric Server layers to reduce latency and hosting costs.

This support will be needed in all language SDKs.
@jyecusch jyecusch added the enhancement New feature or request label Oct 17, 2023
@davemooreuws davemooreuws self-assigned this Oct 18, 2023
@davemooreuws
Copy link
Member

Research of cloud provider API gateway pulumi configs:

AWS:
Seems pretty easy, just put them in apigatewayv2.NewApi

  • allowCredentials
  • allowHeaders
  • allowMethods
  • allowOrigins
  • exposeHeaders
  • maxAge

Azure:
Need to create a cors policy use apimanagement.NewApiOperationPolicy

  • allowCredentials
  • allowHeaders
  • allowMethods
  • allowOrigins
  • exposeHeaders
  • maxAge

GCP:
The worst of the bunch it seems, they suggest using ESP or doing it per function.
References:
https://stackoverflow.com/questions/64281334/cors-errors-when-trying-to-fetch-from-new-google-cloud-api-gateway/65738206#65738206
https://www.googlecloudcommunity.com/gc/Serverless/CORS-issue-with-API-gateway/m-p/619097

TLDR

AWS and Azure seem fine, however considering GCPs lack of support (and lack of a roadmap) Like we have suggested, we could use a load balancer or just handle it on our side, but then if we do this should we just do it consistently across any new provider or pick best prac per cloud?

@davemooreuws davemooreuws mentioned this issue Oct 19, 2023
Closed
@davemooreuws davemooreuws mentioned this issue Nov 7, 2023
Closed
@nitrictech nitrictech deleted a comment from raksiv Aug 16, 2024
@davemooreuws
Copy link
Member

davemooreuws commented Aug 16, 2024
edited
Loading

Reviving this feature for v1. Cleaned up this issue, research was done last year as seen above.

Example in ts:

// no cors by default
const helloApi = api("main");

// with custom settings
const helloApi = api("main", {
  cors: {
    allowOrigins: ["https://cors-test.codehappy.dev"],
    allowCredentials: true,
    allowMethods: ["GET"],
    allowHeaders: ["*"],
    maxAge: "3 days",
  },
});

// with default cors settings
const helloApi = api("public", {
  cors: true,
});

Implementations:

  • AWS: via native apigateway
  • Azure: via native apimanagement
  • GCP: custom implementation in the nitric layer
  • Local: custom implementation in the CLI

Old pre v1 reference work to use:

@davemooreuws davemooreuws mentioned this issue Aug 21, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Feat/cors nitrictech/nitric
5 participants
@jyecusch @davemooreuws @tjholm @HomelessDinosaur @raksiv