letsbe
/
monacousa-portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix Kong CORS configuration for cross-origin requests
Build and Push Docker Images / build-portal (push) Successful in 2m26s Details
Build and Push Docker Images / build-infra (docker/db, monacousa-db) (push) Successful in 1m16s Details
Build and Push Docker Images / build-infra (docker/kong, monacousa-kong) (push) Successful in 26s Details
Build and Push Docker Images / build-infra (docker/migrate, monacousa-migrate) (push) Has been cancelled Details 

- Add proper CORS configuration to all Kong routes
- Allow portal.monacousa.org and localhost origins
- Configure allowed methods, headers, and credentials
- Fixes 'Cross-site POST form submissions are forbidden' error

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Matt 2026-02-10 13:50:36 +01:00
parent 3a72b0a184
commit 87ff2d5d20
1 changed files with 270 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

270
docker/kong/kong.yml.template
View File

@ -26,6 +26,33 @@ services:
preserve_host: false preserve_host: false
plugins: plugins:
- name: cors - name: cors
config:
origins:
- https://portal.monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: auth-v1-open - name: auth-v1-open
url: http://auth:9999/verify url: http://auth:9999/verify
@ -36,6 +63,33 @@ services:
- /auth/v1/verify - /auth/v1/verify
plugins: plugins:
- name: cors - name: cors
config:
origins:
- https://portal.monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: auth-v1-open-callback - name: auth-v1-open-callback
url: http://auth:9999/callback url: http://auth:9999/callback
@ -46,6 +100,33 @@ services:
- /auth/v1/callback - /auth/v1/callback
plugins: plugins:
- name: cors - name: cors
config:
origins:
- https://portal.monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: auth-v1-open-authorize - name: auth-v1-open-authorize
url: http://auth:9999/authorize url: http://auth:9999/authorize
@ -56,6 +137,33 @@ services:
- /auth/v1/authorize - /auth/v1/authorize
plugins: plugins:
- name: cors - name: cors
config:
origins:
- https://portal.monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: auth-v1 - name: auth-v1
url: http://auth:9999/ url: http://auth:9999/
@ -66,6 +174,33 @@ services:
- /auth/v1/ - /auth/v1/
plugins: plugins:
- name: cors - name: cors
config:
origins:
- https://portal.monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: key-auth - name: key-auth
config: config:
hide_credentials: false hide_credentials: false
@ -85,6 +220,33 @@ services:
- /rest/v1/ - /rest/v1/
plugins: plugins:
- name: cors - name: cors
config:
origins:
- https://portal.monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: key-auth - name: key-auth
config: config:
hide_credentials: false hide_credentials: false
@ -104,6 +266,33 @@ services:
- /realtime/v1/websocket - /realtime/v1/websocket
plugins: plugins:
- name: cors - name: cors
config:
origins:
- https://portal.monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: key-auth - name: key-auth
config: config:
hide_credentials: false hide_credentials: false
@ -123,6 +312,33 @@ services:
- /realtime/v1/ - /realtime/v1/
plugins: plugins:
- name: cors - name: cors
config:
origins:
- https://portal.monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: key-auth - name: key-auth
config: config:
hide_credentials: false hide_credentials: false
@ -142,6 +358,33 @@ services:
- /storage/v1/object/public - /storage/v1/object/public
plugins: plugins:
- name: cors - name: cors
config:
origins:
- https://portal.monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: storage-v1 - name: storage-v1
url: http://storage:5000/ url: http://storage:5000/
@ -152,6 +395,33 @@ services:
- /storage/v1/ - /storage/v1/
plugins: plugins:
- name: cors - name: cors
config:
origins:
- https://portal.monacousa.org
- http://localhost:7453
- http://localhost:3000
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Authorization
- Content-Length
- Content-Type
- Date
- X-Auth-Token
- apikey
- x-client-info
exposed_headers:
- Content-Length
- Content-Range
credentials: true
max_age: 3600
- name: key-auth - name: key-auth
config: config:
hide_credentials: false hide_credentials: false