diff --git a/docker-compose.yml b/docker-compose.yml index bbfd639dfc..be3ec499ae 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -141,7 +141,7 @@ services: SLACK_WEBHOOK_URL: ${SLACK_WEBHOOK_URL} ORDNANCE_SURVEY_API_KEY: ${ORDNANCE_SURVEY_API_KEY} MINIO_PORT: ${MINIO_PORT} - CORS_ALLOWLIST: ${EDITOR_URL_EXT} + CORS_ALLOWLIST: ${EDITOR_URL_EXT}, ${API_URL_EXT} ENCRYPTION_KEY: ${ENCRYPTION_KEY} # Local authority config # Lambeth diff --git a/infrastructure/application/utils/generateCORSAllowList.ts b/infrastructure/application/utils/generateCORSAllowList.ts index d49aebb77f..1eb8238a90 100644 --- a/infrastructure/application/utils/generateCORSAllowList.ts +++ b/infrastructure/application/utils/generateCORSAllowList.ts @@ -5,7 +5,8 @@ import { CustomDomains } from "../../common/teams"; export const generateCORSAllowList = (customDomains: CustomDomains, domain: string): awsx.ecs.KeyValuePair => { const customDomainURLs = customDomains.map(team => `https://${team.domain}`); const editorURL = `https://${domain}`; - const corsAllowList = [...customDomainURLs, editorURL]; + const apiURL = `https://api.${domain}`; // Required for requests from API docs + const corsAllowList = [...customDomainURLs, editorURL, apiURL]; const secret: awsx.ecs.KeyValuePair = { name: "CORS_ALLOWLIST",