feat: allow activation of cors headers for spa clients

wpetit 2023-06-20 13:48:44 -06:00
parent f1ad86a80d
commit 08c1bafa68
2 changed files with 5 additions and 1 deletions


@ -45,7 +45,7 @@ hydra_urls_login: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base
hydra_urls_logout: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/logout"
hydra_url_post_logout: "{{ haproxy_public_base_url }}"
hydra_urls_error: "{{ haproxy_public_base_url }}/erreur"
hydra_public_cors_allowed_origins: []
hydra_log_level: warn
hydra_log_leak_sensitive_values: no
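Review bot: The new `hydra_public_cors_allowed_origins` default carries no comment saying that a non-empty list switches CORS on for Hydra's public endpoints, or what form the entries must take. The empty list is a safe default, and a comment above it would keep it that way for the next person who edits the inventory, for example `# Browser origins (scheme://host[:port]) allowed to call Hydra's public endpoints; CORS stays disabled while this list is empty. List exact origins, not wildcards.` The value must be a YAML list, because the template joins it with commas.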


@ -18,6 +18,10 @@ PODMAN_ARGS="\
-e 'HYDRA_URL_POST_LOGOUT={{ hydra_url_post_logout }}' \
-e 'HYDRA_ALLOW_INSECURE=yes' \
-e 'HYDRA_LEVEL={{ hydra_log_level }}' \
{% if hydra_public_cors_allowed_origins | default([]) | length > 0 %}
-e 'SERVE_PUBLIC_CORS_ENABLED=true' \
-e 'SERVE_PUBLIC_CORS_ALLOWED_ORIGINS={{ hydra_public_cors_allowed_origins | join(',') }}' \
{% endif %}
-e 'HYDRA_SECRETS_SYSTEM={{ lookup('ansible.builtin.password', '/dev/null length=32 seed=hydra_secrets_seed') }}' \
-e 'HYDRA_OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT={{ lookup('ansible.builtin.password', '/dev/null length=32 seed=hydra_secrets_seed') }}' \
-v /etc/hydra/clients.d:/etc/hydra/clients.d \
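Review bot: The joined origins on the `SERVE_PUBLIC_CORS_ALLOWED_ORIGINS` line are placed inside single quotes within the double-quoted `PODMAN_ARGS` string with no validation, so an entry containing a quote or whitespace would end the argument early. A plain string given instead of a list also passes the `length > 0` test and is then joined character by character. An assert in the role before this template is rendered would catch both, for example `that: hydra_public_cors_allowed_origins | reject('match', '^https?://[A-Za-z0-9.*-]+(:[0-9]+)?$') | list | length == 0`. Separately, in the unchanged lines below the new block, both password lookups pass `seed=hydra_secrets_seed` as literal text, so the system secret and the pairwise salt appear to be the same fixed value on every deployment; if a variable was intended it is not being interpolated, which is worth confirming. The `PODMAN_ARGS` string starts and ends outside the hunk.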