fix: Allow CORS access via API docs (#2753)

theopensystemslab · Feb 5, 2024 · eadbffc · eadbffc
1 parent b180df9
commit eadbffc
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -141,7 +141,7 @@ services:
       SLACK_WEBHOOK_URL: ${SLACK_WEBHOOK_URL}
       ORDNANCE_SURVEY_API_KEY: ${ORDNANCE_SURVEY_API_KEY}
       MINIO_PORT: ${MINIO_PORT}
-      CORS_ALLOWLIST: ${EDITOR_URL_EXT}
+      CORS_ALLOWLIST: ${EDITOR_URL_EXT}, ${API_URL_EXT}
       ENCRYPTION_KEY: ${ENCRYPTION_KEY}
       # Local authority config
       # Lambeth

diff --git a/infrastructure/application/utils/generateCORSAllowList.ts b/infrastructure/application/utils/generateCORSAllowList.ts
@@ -5,7 +5,8 @@ import { CustomDomains } from "../../common/teams";
 export const generateCORSAllowList = (customDomains: CustomDomains, domain: string): awsx.ecs.KeyValuePair => {
   const customDomainURLs = customDomains.map(team => `https://${team.domain}`);
   const editorURL = `https://${domain}`;
-  const corsAllowList = [...customDomainURLs, editorURL];
+  const apiURL = `https://api.${domain}`; // Required for requests from API docs
+  const corsAllowList = [...customDomainURLs, editorURL, apiURL];
 
   const secret: awsx.ecs.KeyValuePair = {
     name: "CORS_ALLOWLIST",