add CORS config to api gw

guardian · Mar 18, 2024 · 77e0086 · 77e0086
1 parent 8799751
commit 77e0086
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 9 deletions.
diff --git a/cdk/lib/__snapshots__/concierge-graphql.test.ts.snap b/cdk/lib/__snapshots__/concierge-graphql.test.ts.snap
@@ -310,6 +310,23 @@ exports[`The ConciergeGraphql stack matches the snapshot 1`] = `
     },
     "GWApiGW36D3A369": {
       "Properties": {
+        "CorsConfiguration": {
+          "AllowCredentials": true,
+          "AllowHeaders": [
+            "content-type",
+            "x-api-key",
+          ],
+          "AllowMethods": [
+            "POST",
+            "GET",
+            "OPTIONS",
+          ],
+          "AllowOrigins": [
+            "http://localhost:8081",
+            "graphiql.capi.test.dev-gutools.co.uk",
+          ],
+          "MaxAge": 300,
+        },
         "Description": "Gateway for the TEST concierge-graphql instance",
         "Name": "concierge-graphql-TEST",
         "ProtocolType": "HTTP",

diff --git a/cdk/lib/concierge-graphql.ts b/cdk/lib/concierge-graphql.ts
@@ -7,7 +7,7 @@ import {InstanceClass, InstanceSize, InstanceType, Peer, Port, Subnet, Vpc} from
 import {AccessScope} from "@guardian/cdk/lib/constants";
 import {getHostName} from "./hostname";
 import {GuSecurityGroup, GuVpc} from "@guardian/cdk/lib/constructs/ec2";
-import {HttpGateway} from "./gateway";
+import {HttpGateway, ValidStages} from "./gateway";
 import {AttributeType, BillingMode, Table} from "aws-cdk-lib/aws-dynamodb";
 import {GuPolicy} from "@guardian/cdk/lib/constructs/iam";
 import {Effect, PolicyStatement} from "aws-cdk-lib/aws-iam";
@@ -114,7 +114,7 @@ export class ConciergeGraphql extends GuStack {
     const subnets = GuVpc.subnets(this, subnetsList.valueAsList);
 
     new HttpGateway(this, "GW", {
-      stage: props.stage as "CODE"|"PROD",
+      stage: props.stage as ValidStages,
       backendLoadbalancer: loadBalancer,
       lbDomainName,
       previewMode,

diff --git a/cdk/lib/gateway.ts b/cdk/lib/gateway.ts
@@ -1,15 +1,18 @@
 import {Construct} from "constructs";
-import type {GuStack, GuStackProps} from "@guardian/cdk/lib/constructs/core";
-import {HttpApi, VpcLink} from "aws-cdk-lib/aws-apigatewayv2"
-import {HttpAlbIntegration, HttpUrlIntegration} from "aws-cdk-lib/aws-apigatewayv2-integrations";
-import {IApplicationLoadBalancer, IListener} from "aws-cdk-lib/aws-elasticloadbalancingv2";
-import {ISecurityGroup, IVpc, Peer, Port, SecurityGroup, SubnetSelection} from "aws-cdk-lib/aws-ec2";
+import type {GuStack} from "@guardian/cdk/lib/constructs/core";
+import {CorsHttpMethod, HttpApi, VpcLink} from "aws-cdk-lib/aws-apigatewayv2"
+import {HttpAlbIntegration} from "aws-cdk-lib/aws-apigatewayv2-integrations";
+import {IApplicationLoadBalancer} from "aws-cdk-lib/aws-elasticloadbalancingv2";
+import {ISecurityGroup, IVpc, Peer, Port, SubnetSelection} from "aws-cdk-lib/aws-ec2";
 import {GuSecurityGroup} from "@guardian/cdk/lib/constructs/ec2";
-import {CfnUsagePlan, UsagePlan} from "aws-cdk-lib/aws-apigateway";
 import {IApplicationListener} from "aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener";
+import {Duration} from "aws-cdk-lib";
+import {hostingDomain} from "./constants";
+
+export type ValidStages = "CODE-AARDVARK"|"PROD-AARDVARK"|"CODE-ZEBRA"|"PROD-ZEBRA";
 
 interface HttpGatewayProps {
-    stage: "CODE"|"PROD";
+    stage: ValidStages;
     previewMode: boolean;
     backendLoadbalancer: IApplicationLoadBalancer;
     backendListener: IApplicationListener;
@@ -43,13 +46,22 @@ export class HttpGateway extends Construct {
         });
 
         const maybePreview = props.previewMode ? "preview-" : "";
+        const deployedUrl = hostingDomain[props.stage];
+
         const httpApi = new HttpApi(this, "ApiGW", {
             apiName: `concierge-graphql-${maybePreview}${props.stage}`,
             description: `Gateway for the ${props.stage} concierge-graphql${maybePreview} instance`,
             defaultIntegration: new HttpAlbIntegration('DefaultIntegration', props.backendListener, {
                 vpcLink,
                 secureServerName: props.lbDomainName,
             }),
+            corsPreflight: {
+                allowOrigins: ['http://localhost:8081', deployedUrl],
+                allowMethods: [CorsHttpMethod.POST, CorsHttpMethod.GET, CorsHttpMethod.OPTIONS],
+                allowHeaders: ['content-type', 'x-api-key'],
+                maxAge: Duration.minutes(5),
+                allowCredentials: true
+            },
             createDefaultStage: true,
         });
         //