add thrall to allowed CORS domains (which informs the CSRF origins)

guardian · Aug 9, 2023 · 8712bec · 8712bec
1 parent 63f09f1
commit 8712bec
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 6 deletions.
diff --git a/common-lib/src/main/scala/com/gu/mediaservice/lib/config/CommonConfig.scala b/common-lib/src/main/scala/com/gu/mediaservice/lib/config/CommonConfig.scala
@@ -59,7 +59,8 @@ abstract class CommonConfig(resources: GridConfigResources) extends AwsClientBui
     stringDefault("hosts.usagePrefix", s"$rootAppName-usage."),
     stringDefault("hosts.collectionsPrefix", s"$rootAppName-collections."),
     stringDefault("hosts.leasesPrefix", s"$rootAppName-leases."),
-    stringDefault("hosts.authPrefix", s"$rootAppName-auth.")
+    stringDefault("hosts.authPrefix", s"$rootAppName-auth."),
+    stringDefault("hosts.thrallPrefix", s"thrall.$rootAppName.")
   )
 
   val corsAllowedOrigins: Set[String] = getStringSet("security.cors.allowedOrigins")

diff --git a/common-lib/src/main/scala/com/gu/mediaservice/lib/config/Services.scala b/common-lib/src/main/scala/com/gu/mediaservice/lib/config/Services.scala
@@ -11,7 +11,8 @@ case class ServiceHosts(
   usagePrefix: String,
   collectionsPrefix: String,
   leasesPrefix: String,
-  authPrefix: String
+  authPrefix: String,
+  thrallPrefix: String
 )
 
 object ServiceHosts {
@@ -31,7 +32,8 @@ object ServiceHosts {
       usagePrefix = s"$rootAppName-usage.",
       collectionsPrefix = s"$rootAppName-collections.",
       leasesPrefix = s"$rootAppName-leases.",
-      authPrefix = s"$rootAppName-auth."
+      authPrefix = s"$rootAppName-auth.",
+      thrallPrefix = s"thrall.$rootAppName."
     )
   }
 }
@@ -48,6 +50,8 @@ class Services(val domainRoot: String, hosts: ServiceHosts, corsAllowedOrigins:
   val leasesHost: String      = s"${hosts.leasesPrefix}${domainRootOverride.getOrElse(domainRoot)}"
   val authHost: String        = s"${hosts.authPrefix}$domainRoot"
   val projectionHost: String  = s"${hosts.projectionPrefix}${domainRootOverride.getOrElse(domainRoot)}"
+  val thrallHost: String      = s"${hosts.thrallPrefix}${domainRootOverride.getOrElse(domainRoot)}"
+
 
   val kahunaBaseUri      = baseUri(kahunaHost)
   val apiBaseUri         = baseUri(apiHost)
@@ -60,6 +64,7 @@ class Services(val domainRoot: String, hosts: ServiceHosts, corsAllowedOrigins:
   val collectionsBaseUri = baseUri(collectionsHost)
   val leasesBaseUri      = baseUri(leasesHost)
   val authBaseUri        = baseUri(authHost)
+  val thrallBaseUri      = baseUri(thrallHost)
 
   val allInternalUris = Seq(
     kahunaBaseUri,
@@ -70,12 +75,13 @@ class Services(val domainRoot: String, hosts: ServiceHosts, corsAllowedOrigins:
     usageBaseUri,
     collectionsBaseUri,
     leasesBaseUri,
-    authBaseUri
+    authBaseUri,
+    thrallBaseUri
   )
 
   val guardianWitnessBaseUri: String = "https://n0ticeapis.com"
 
-  val corsAllowedDomains: Set[String] = corsAllowedOrigins.map(baseUri)
+  val corsAllowedDomains: Set[String] = corsAllowedOrigins.map(baseUri) + kahunaBaseUri + apiBaseUri + thrallBaseUri
 
   val redirectUriParam = "redirectUri"
   val redirectUriPlaceholder = s"{?$redirectUriParam}"

diff --git a/rest-lib/src/main/scala/com/gu/mediaservice/lib/play/GridComponents.scala b/rest-lib/src/main/scala/com/gu/mediaservice/lib/play/GridComponents.scala
@@ -39,7 +39,7 @@ abstract class GridComponents[Config <: CommonConfig](context: Context, val load
   )
 
   final override lazy val corsConfig: CORSConfig = CORSConfig.fromConfiguration(context.initialConfiguration).copy(
-    allowedOrigins = Origins.Matching(Set(config.services.kahunaBaseUri, config.services.apiBaseUri) ++ config.services.corsAllowedDomains)
+    allowedOrigins = Origins.Matching(config.services.corsAllowedDomains)
   )
 
   lazy val management = new Management(controllerComponents, buildInfo)