What we have now:
CORS settings differ from service to service.
E.g., books-api has a permissive CORS setup (*) while time-api doesn’t.
Because of this issue, when we run some service locally, we cannot send requests from its UI to other services' API to get data.
What we want to get:
Consistent CORS settings in all services to be able to locally send requests to all services' APIs and get data from them.
We want it to be configured the following way:
- working locally / with local-env: permissive CORS setup (*)
- prod: strict CORS setup, only prod domain is allowed (we shouldn't be able to call prod APIs from locally run UI)
We will need to add env variables:
- for local run to appsettings.MockForPullRequests & appsettings.MockForDevelopement files (e.g., add CorsOptions with AllowedDomain)
- for prod to helmfile.yaml & deploy-to-prod-from-default.yml
What we have now:
CORS settings differ from service to service.
E.g., books-api has a permissive CORS setup (*) while time-api doesn’t.
Because of this issue, when we run some service locally, we cannot send requests from its UI to other services' API to get data.
What we want to get:
Consistent CORS settings in all services to be able to locally send requests to all services' APIs and get data from them.
We want it to be configured the following way:
We will need to add env variables: