From 08c1bafa68fe78fe719b3e1da3af8bbeb95a6b8d Mon Sep 17 00:00:00 2001
From: William Petit
Date: Tue, 20 Jun 2023 13:48:44 -0600
Subject: [PATCH] feat: allow activation of cors headers for spa clients

---
 defaults/main.yml | 2 +-
 templates/cadoles-pod-hydra-v1.conf.j2 | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 49168f8..f884ba6 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -45,7 +45,7 @@ hydra_urls_login: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base
 hydra_urls_logout: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/logout"
 hydra_url_post_logout: "{{ haproxy_public_base_url }}"
 hydra_urls_error: "{{ haproxy_public_base_url }}/erreur"
-
+hydra_public_cors_allowed_origins: []
 hydra_log_level: warn
 hydra_log_leak_sensitive_values: no
 
diff --git a/templates/cadoles-pod-hydra-v1.conf.j2 b/templates/cadoles-pod-hydra-v1.conf.j2
index 6984fdf..0ea00df 100644
--- a/templates/cadoles-pod-hydra-v1.conf.j2
+++ b/templates/cadoles-pod-hydra-v1.conf.j2
@@ -18,6 +18,10 @@ PODMAN_ARGS="\
 -e 'HYDRA_URL_POST_LOGOUT={{ hydra_url_post_logout }}' \
 -e 'HYDRA_ALLOW_INSECURE=yes' \
 -e 'HYDRA_LEVEL={{ hydra_log_level }}' \
+ {% if hydra_public_cors_allowed_origins | default([]) | length > 0 %}
+ -e 'SERVE_PUBLIC_CORS_ENABLED=true' \
+ -e 'SERVE_PUBLIC_CORS_ALLOWED_ORIGINS={{ hydra_public_cors_allowed_origins | join(',') }}' \
+ {% endif %}
 -e 'HYDRA_SECRETS_SYSTEM={{ lookup('ansible.builtin.password', '/dev/null length=32 seed=hydra_secrets_seed') }}' \
 -e 'HYDRA_OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT={{ lookup('ansible.builtin.password', '/dev/null length=32 seed=hydra_secrets_seed') }}' \
 -v /etc/hydra/clients.d:/etc/hydra/clients.d \
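Review bot: In `defaults/main.yml`, the new `hydra_public_cors_allowed_origins: []` default carries no comment and takes the place of the blank line that separated the URL settings from the log settings. I would keep the blank line and put above the variable something like `# Origins allowed to call Hydra's public endpoints via CORS; an empty list leaves CORS disabled. List exact origins (scheme://host[:port]).` That tells operators that populating the list is what switches `SERVE_PUBLIC_CORS_ENABLED` on in the pod template.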
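Review bot: In `templates/cadoles-pod-hydra-v1.conf.j2`, the added `SERVE_PUBLIC_CORS_ALLOWED_ORIGINS` line passes every entry of `hydra_public_cors_allowed_origins` through unchecked; the `{% if %}` only tests the list length. A `*` or broad wildcard entry would therefore expose the public OAuth2/OIDC endpoints to cross-origin calls from any site, an entry containing a comma would be split into two origins by `join(',')`, and one containing a single quote would end the `-e '...'` argument early. I would validate the list before rendering, for example with an `ansible.builtin.assert` in the role's tasks that each entry matches `^https?://[^*',\s]+$`. Whether credentialed cross-origin requests are then allowed depends on Hydra's CORS defaults, which this template does not set, so that is worth confirming. The `PODMAN_ARGS` string begins and ends outside the hunk.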