1300: Reverting change to the cors ESV as it is shared across a tenant (

#50) Reverting cors ESV name to `esv-cors-accepted-origins` This configuration applies to the tenant as a whole, if the tenant needs to support multiple realms then the value of `esv-cors-accepted-origins` needs to be a list containing all the accepted origins for both realms. SecureApiGateway/SecureApiGateway#1300
SecureApiGateway · Apr 10, 2024 · fb50d9a · fb50d9a
1 parent b752556
commit fb50d9a
Show file tree

Hide file tree

Showing 8 changed files with 20 additions and 16 deletions.
diff --git a/sapig-overlay/core/.env.sample b/sapig-overlay/core/.env.sample
@@ -45,9 +45,11 @@ OAUTH2_AGENTS='{
 
 #ESV_CORE_BASEURL=
 #ESV_CORE_MTLS_BASEURL=
-#ESV_CORE_CORS_ACCEPTED_ORIGINS=
 #ESV_CORE_SAPIG_IDENTITY_CLOUD_REALM=
 
+# NOTE: cors conf applies to the whole tenant and not just a realm
+#ESV_CORS_ACCEPTED_ORIGINS=
+
 # ESV Secrets - the below values need to be supplied when doing fr-config-push secrets
 #ESV_CORE_AM_OAUTH2_CA_CERTS_1=
 

diff --git a/sapig-overlay/core/cors/cors-config.json b/sapig-overlay/core/cors/cors-config.json
@@ -56,7 +56,7 @@
         "OPTIONS"
       ],
       "acceptedOrigins": {
-        "$list": "&{esv.sapig.core.cors.accepted.origins}"
+        "$list": "&{esv.cors.accepted.origins}"
       },
       "allowCredentials": true,
       "enabled": true,

diff --git a/sapig-overlay/core/esvs/variables/esv-cors-accepted-origins.json b/sapig-overlay/core/esvs/variables/esv-cors-accepted-origins.json
@@ -0,0 +1,6 @@
+{
+  "_id": "esv-cors-accepted-origins",
+  "description": "",
+  "expressionType": "list",
+  "valueBase64": "${ESV_CORS_ACCEPTED_ORIGINS}"
+}
diff --git a/sapig-overlay/core/esvs/variables/esv-sapig-core-cors-accepted-origins.json b/sapig-overlay/core/esvs/variables/esv-sapig-core-cors-accepted-origins.json
diff --git a/sapig-overlay/ob/.env.sample b/sapig-overlay/ob/.env.sample
@@ -46,9 +46,11 @@ OAUTH2_AGENTS='{
 
 #ESV_OB_BASEURL=
 #ESV_OB_MTLS_BASEURL=
-#ESV_OB_CORS_ACCEPTED_ORIGINS=
 #ESV_OB_SAPIG_IDENTITY_CLOUD_REALM=
 
+# NOTE: cors conf applies to the whole tenant and not just a realm
+#ESV_CORS_ACCEPTED_ORIGINS=
+
 # ESV Secrets - the below values need to be supplied when doing fr-config-push secrets
 #ESV_OB_AM_OAUTH2_CA_CERTS_1=
 

diff --git a/sapig-overlay/ob/cors/cors-config.json b/sapig-overlay/ob/cors/cors-config.json
@@ -56,7 +56,7 @@
         "OPTIONS"
       ],
       "acceptedOrigins": {
-        "$list": "&{esv.sapig.ob.cors.accepted.origins}"
+        "$list": "&{esv.cors.accepted.origins}"
       },
       "allowCredentials": true,
       "enabled": true,

diff --git a/sapig-overlay/ob/esvs/variables/esv-cors-accepted-origins.json b/sapig-overlay/ob/esvs/variables/esv-cors-accepted-origins.json
@@ -0,0 +1,6 @@
+{
+  "_id": "esv-cors-accepted-origins",
+  "description": "",
+  "expressionType": "list",
+  "valueBase64": "${ESV_CORS_ACCEPTED_ORIGINS}"
+}
diff --git a/sapig-overlay/ob/esvs/variables/esv-sapig-ob-cors-accepted-origins.json b/sapig-overlay/ob/esvs/variables/esv-sapig-ob-cors-accepted-origins.json