diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md
index 8231e15d..a9883870 100644
--- a/charts/gitops-runtime/README.md
+++ b/charts/gitops-runtime/README.md
@@ -187,6 +187,7 @@ sealed-secrets:
 | app-proxy.config.argoWorkflowsInsecure | string | `"true"` | |
 | app-proxy.config.argoWorkflowsUrl | string | `nil` | Workflows server url. Determined by chart logic. Do not change unless you are certain you need to |
 | app-proxy.config.clusterChunkSize | int | `50` | define cluster list size per request to report the cluster state to platform, e.g. if you have 90 clusters and set clusterChunkSize: 40, it means cron job will report cluster state to platform in 3 iterations (40,40,10) - reduce this value if you have a lot of clusters and the cron job is failing with payload too large error - use 0 to sync all clusters at once |
+| app-proxy.config.cors | string | `"https://g.codefresh.io"` | Cors settings for app-proxy. This is the list of allowed domains for platform. |
 | app-proxy.config.env | string | `"production"` | |
 | app-proxy.config.logLevel | string | `"info"` | Log Level |
 | app-proxy.config.skipGitPermissionValidation | string | `"false"` | Skit git permissions validation |
diff --git a/charts/gitops-runtime/templates/_components/internal-router/_configmap.yaml b/charts/gitops-runtime/templates/_components/internal-router/_configmap.yaml
index 6503b3c6..fed35794 100644
--- a/charts/gitops-runtime/templates/_components/internal-router/_configmap.yaml
+++ b/charts/gitops-runtime/templates/_components/internal-router/_configmap.yaml
@@ -27,9 +27,31 @@ data: proxy_set_header Connection "upgrade"; chunked_transfer_encoding off; + error_page 502 = @app_proxy_init_error; + proxy_pass {{ index (get .Values.routing "app-proxy") "internalUrl" }}; } + location @app_proxy_init_error { + internal; + + if ($request_method = OPTIONS) { + add_header 'Access-Control-Allow-Origin' "{{ index .Values "app-proxy" "config" "cors" }}" always; + add_header 'Access-Control-Allow-Methods' 'GET,HEAD,PUT,PATCH,POST,DELETE' always; + add_header 'Access-Control-Allow-Headers' 'content-type,x-access-token' always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + add_header 'Content-Length' 0; + return 204; + } + + add_header 'Access-Control-Allow-Origin' "{{ index .Values "app-proxy" "config" "cors" }}" always; + add_header 'Access-Control-Allow-Methods' 'GET,HEAD,PUT,PATCH,POST,DELETE' always; + add_header 'Access-Control-Allow-Headers' 'content-type,x-access-token' always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + return 502; + + } + {{- if .Values.routing.workflows.enabled }} location /workflows/ { # sse diff --git a/charts/gitops-runtime/templates/internal-router/config.yaml b/charts/gitops-runtime/templates/internal-router/config.yaml index fd0ea3fa..e8b05190 100644 --- a/charts/gitops-runtime/templates/internal-router/config.yaml +++ b/charts/gitops-runtime/templates/internal-router/config.yaml @@ -1,5 +1,6 @@ {{- $internalRouterContext := deepCopy . }} {{- $_ := set $internalRouterContext "Values" (deepCopy (get .Values "internal-router")) }} +{{- $_ := set $internalRouterContext.Values "app-proxy" (deepCopy (get .Values "app-proxy")) }} {{- $_ := set $internalRouterContext.Values "global" (deepCopy (get .Values "global")) }} {{/* Set workflows routing diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 65782f3d..2b620f62 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml 
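Review bot: In `location @app_proxy_init_error`, `app-proxy.config.cors` is rendered verbatim into `Access-Control-Allow-Origin` next to `Access-Control-Allow-Credentials: true`, yet the README row and the values.yaml comment added by this commit both describe the value as a list of allowed domains. A credentialed response has to carry exactly one origin, so a comma-separated list or `*` in that value would make browsers reject these fallback responses; if app-proxy itself accepts several origins (not visible here), the router and app-proxy would then disagree. The value also sits between hand-written double quotes, so a `"` in it would end the nginx string early; `add_header 'Access-Control-Allow-Origin' {{ index .Values "app-proxy" "config" "cors" | quote }} always;` escapes it on both `add_header` lines. I would add a comment above them such as `# single origin only: sent together with Access-Control-Allow-Credentials` and reword the values.yaml and README description to say one origin rather than a list.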
@@ -591,6 +591,8 @@ app-proxy: # - reduce this value if you have a lot of clusters and the cron job is failing with payload too large error # - use 0 to sync all clusters at once clusterChunkSize: 50 + # -- Cors settings for app-proxy. This is the list of allowed domains for platform. + cors: "https://g.codefresh.io" env: {}