Add CORS configuration (#69)

feedmeapples · web-flow · commit f80310a57dc0 · 2021-10-27T15:21:25.000-07:00
diff --git a/config/development.yaml b/config/development.yaml
@@ -1,5 +1,8 @@
 enableUi: true
 enableOpenApi: true
+cors:
+  allowOrigins:
+    - http://localhost:3000
 auth:
   enabled: false
   providers:
diff --git a/docker/README.md b/docker/README.md
@@ -30,5 +30,6 @@ docker run \
     -e TEMPORAL_AUTH_CALLBACK_URL=https://xxxx.com:8080/auth/sso/callback \ -- Auth callback url
     -e TEMPORAL_ENABLE_UI=true \                                            -- Serve UI
     -e TEMPORAL_ENABLE_OPENAPI=true \                                       -- Serve Open API UI
+    -e TEMPORAL_CORS_ORIGINS=http://localhost:3000 \                        -- Allow CORS origins
     temporalio/ui:<tag>
 ```
diff --git a/docker/config_template.yaml b/docker/config_template.yaml
@@ -3,6 +3,10 @@ port: {{ default .Env.TEMPORAL_UI_PORT "8080" }}
 uiRootPath: {{ default .Env.TEMPORAL_UI_ROOT_PATH "/" }}
 enableUi: {{ default .Env.TEMPORAL_ENABLE_UI "true" }}
 enableOpenApi: {{ default .Env.TEMPORAL_ENABLE_OPENAPI "true" }}
+cors:
+  allowOrigins:
+    # override framework's default that allows all origins "*"
+    - {{ default .Env.TEMPORAL_CORS_ORIGINS "http://localhost:8080" }}
 auth:
     enabled: {{ default .Env.TEMPORAL_AUTH_ENABLED "false" }}
     providers:
diff --git a/server/config/config.go b/server/config/config.go
@@ -37,6 +37,11 @@ type (
 		Auth                Auth   `yaml:"auth"`
 		EnableUI            bool   `yaml:"enableUi"`
 		EnableOpenAPI       bool   `yaml:"enableOpenApi"`
+		CORS                CORS   `yaml:"cors"`
+	}
+
+	CORS struct {
+		AllowOrigins []string `yaml:"allowOrigins"`
 	}
 
 	Auth struct {
diff --git a/server/server.go b/server/server.go
@@ -73,7 +73,7 @@ func NewServer(opts ...server_options.ServerOption) *Server {
 	e.Use(middleware.Logger())
 	e.Use(middleware.Recover())
 	e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
-		AllowOrigins: []string{"http://localhost:3000", "https://localhost:3000", "http://localhost:8080"},
+		AllowOrigins: serverOpts.Config.CORS.AllowOrigins,
 		AllowHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept},
 	}))
 	e.Use(session.Middleware(sessions.NewCookieStore(
