Add missing CORS (#12877)

ydb-platform · Dec 27, 2024 · c0db9a4 · c0db9a4
1 parent 3250bfc
commit c0db9a4
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 0 deletions.
diff --git a/ydb/mvp/oidc_proxy/oidc_protected_page_nebius.cpp b/ydb/mvp/oidc_proxy/oidc_protected_page_nebius.cpp
@@ -41,6 +41,7 @@ void THandlerSessionServiceCheckNebius::HandleExchange(NHttp::TEvHttpProxy::TEvH
     if (!event->Get()->Response) {
         BLOG_D("Getting access token: Bad Request");
         NHttp::THeadersBuilder responseHeaders;
+        SetCORS(Request, &responseHeaders);
         responseHeaders.Set("Content-Type", "text/plain");
         return ReplyAndPassAway(Request->CreateResponse("400", "Bad Request", responseHeaders, event->Get()->Error));
     }

diff --git a/ydb/mvp/oidc_proxy/oidc_session_create.cpp b/ydb/mvp/oidc_proxy/oidc_session_create.cpp
@@ -78,6 +78,7 @@ void THandlerSessionCreate::Handle(NHttp::TEvHttpProxy::TEvHttpIncomingResponse:
                 errorMessage =  "Wrong OIDC response";
             }
             NHttp::THeadersBuilder responseHeaders;
+            SetCORS(Request, &responseHeaders);
             responseHeaders.Set("Content-Type", "text/plain");
             return ReplyAndPassAway(Request->CreateResponse("400", "Bad Request", responseHeaders, errorMessage));
         } else {
@@ -87,6 +88,7 @@ void THandlerSessionCreate::Handle(NHttp::TEvHttpProxy::TEvHttpIncomingResponse:
         }
     } else {
         NHttp::THeadersBuilder responseHeaders;
+        SetCORS(Request, &responseHeaders);
         responseHeaders.Set("Content-Type", "text/plain");
         return ReplyAndPassAway(Request->CreateResponse("400", "Bad Request", responseHeaders, event->Get()->Error));
     }

diff --git a/ydb/mvp/oidc_proxy/oidc_session_create_nebius.cpp b/ydb/mvp/oidc_proxy/oidc_session_create_nebius.cpp
@@ -39,6 +39,7 @@ void THandlerSessionCreateNebius::ProcessSessionToken(const TString& sessionToke
     BLOG_D("Set session cookie: (" << sessionCookieName << ": " << NKikimr::MaskTicket(sessionCookieValue) << ")");
 
     NHttp::THeadersBuilder responseHeaders;
+    SetCORS(Request, &responseHeaders);
     responseHeaders.Set("Set-Cookie", CreateSecureCookie(sessionCookieName, sessionCookieValue));
     responseHeaders.Set("Location", Context.GetRequestedAddress());
     ReplyAndPassAway(Request->CreateResponse("302", "Cookie set", responseHeaders));

diff --git a/ydb/mvp/oidc_proxy/openid_connect.cpp b/ydb/mvp/oidc_proxy/openid_connect.cpp
@@ -95,6 +95,7 @@ NHttp::THttpOutgoingResponsePtr GetHttpOutgoingResponsePtr(const NHttp::THttpInc
                                                                      << request->Host
                                                                      << GetAuthCallbackUrl();
     NHttp::THeadersBuilder responseHeaders;
+    SetCORS(request, &responseHeaders);
     responseHeaders.Set("Set-Cookie", context.CreateYdbOidcCookie(settings.ClientSecret));
     if (context.IsAjaxRequest()) {
         return CreateResponseForAjaxRequest(request, responseHeaders, redirectUrl);