/receipts/ endpoint encounters CORS errors when using custom header for attachment authentication

[blimpich]

Summary:

We have a goal to shift attachment authentication to a custom header, eliminating the need to append a token to the URL. This change allows for more efficient caching since the URL remains consistent. However, in doing this we encounter CORS errors. See this comment for more details.

We had this same problem with the /chat-attachment/ which was solved by these two PRs (1 & 2). We need to do the same for the receipts endpoint. This caused this deploy blocker recently.

Solution:

Configure our CORS settings in the backend so that the /receipts/ endpoint is like the /chat-attachment/ endpoint and allows these custom headers.

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~013d594876a09efc2c
• Upwork Job ID: 1732925899350822912
• Last Price Increase: 2023-12-08

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~013d594876a09efc2c

[melvin-bot]

Triggered auto assignment to Contributor Plus for review of internal employee PR - @burczu (Internal)

[blimpich]

@burczu not sure if you need to be assigned to this issue. This issue has to be completed internally, but I created the issue in Expensify/App so that my progress on it could be visible to those interested in it.

[melvin-bot]

@blimpich Whoops! This issue is 2 days overdue. Let's get this updated quick!

[blimpich]

Haven't had time to work on this yet. Hoping to get to it this week.

[blimpich]

Making this weekly until I can prioritize it over other tickets. This will be high on my list once I deal with more urgent issues since it is blocking other people's work.

[blimpich]

Not prioritized, swamped with other chore / auto-assigned work.

[roryabraham]

I think this should be treated as a top priority. Image caching is blocking a whole suite of other issues and has been in-progress for years now (since Spain OffShore IIRC).

[melvin-bot]

@blimpich Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!

[blimpich]

I agree that this is high priority work, but it wasn't part of a commitment for EOY so I did not prioritize it. Now that it is the new year I hope that I can work on this soon, though I still consider it less important than regressions that are actively hurting customer experience, which is what I'm currently prioritizing.

[blimpich]

Taking another crack at this today.

[blimpich]

Success! Was able to verify locally after looking at this with fresh eyes. Will update PRs and add reviewers shortly