fix: cors (#621)

* fix: dont (re)generate client secret with auth type none * fix(cors): allow Origin from request * feat: add origin allow list and fix some core issues * rename migration * fix UserIDsByDomain * check origin on userinfo * update oidc pkg
2025-08-12 03:37:34 +00:00 · 2020-08-24 10:06:55 +02:00
parent 193cfb45f6
commit 4e1e8a714a
18 changed files with 128 additions and 26 deletions
--- a/internal/api/grpc/server/gateway.go
+++ b/internal/api/grpc/server/gateway.go
@@ -131,7 +131,7 @@ func addInterceptors(handler http.Handler, g Gateway) http.Handler {
 	if interceptor, ok := g.(grpcGatewayCustomInterceptor); ok {
 		handler = interceptor.GatewayHTTPInterceptor(handler)
 	}
-	return http_mw.CORSInterceptorOpts(http_mw.DefaultCORSOptions, handler)
+	return http_mw.CORSInterceptor(handler)
 }

 func gatewayPort(port string) string {
--- a/internal/api/grpc/server/middleware/auth_interceptor_test.go
+++ b/internal/api/grpc/server/middleware/auth_interceptor_test.go
@@ -27,8 +27,8 @@ func (v *verifierMock) VerifyAccessToken(ctx context.Context, token, clientID st
 func (v *verifierMock) ResolveGrants(ctx context.Context) (*authz.Grant, error) {
 	return nil, nil
 }
-func (v *verifierMock) ProjectIDByClientID(ctx context.Context, clientID string) (string, error) {
-	return "", nil
+func (v *verifierMock) ProjectIDAndOriginsByClientID(ctx context.Context, clientID string) (string, []string, error) {
+	return "", nil, nil
 }
 func (v *verifierMock) ExistsOrg(ctx context.Context, orgID string) error {
 	return nil