From 3d673a9f8a0700736aaccc5396c5582611ef4cf5 Mon Sep 17 00:00:00 2001
From: Sukhpal <6563909+sukhpalp@users.noreply.github.com>
Date: Thu, 2 May 2024 17:23:25 -0700
Subject: [PATCH 1/7] Add CORS Config for Cloudfront
---
 terraform/cloudfront.tf | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf
index c66f55956e..d3a55faac1 100644
--- a/terraform/cloudfront.tf
+++ b/terraform/cloudfront.tf
@@ -1021,6 +1021,40 @@ output "wfnews_cloudfront_nginx_url" {
 resource "aws_cloudfront_response_headers_policy" "cache_control_response_headers" {
 name = "cache-control-response-headers-${var.target_env}"
+ cors_config {
+ access_control_allow_credentials = true
+
+ access_control_allow_headers {
+ items = [
+ "Accept",
+ "Accept-Encoding",
+ "Accept-Language",
+ "Cache-Control",
+ "Origin",
+ "Pragma",
+ "Priority",
+ "Referer",
+ "Apikey",
+ "Authorization",
+ "Content-Type"
+ ]
+ }
+
+ access_control_allow_methods {
+ items = ["GET", "POST", "PUT", "HEAD", "OPTIONS", "PATCH", "DELETE"]
+ }
+
+ access_control_allow_origins {
+ items = [
+ "https://wfnews-client.${var.target_env}.bcwildfireservices.com",
+ "https://wildfiresituation.nrs.gov.bc.ca"
+ ]
+ }
+
+ access_control_max_age_sec = 300
+
+ origin_override = true
+ }
 custom_headers_config {
 items {
From 96806fafcd74e70e3333bef68e43a2cb278e1294 Mon Sep 17 00:00:00 2001
From: Sukhpal <6563909+sukhpalp@users.noreply.github.com>
Date: Thu, 2 May 2024 17:44:35 -0700
Subject: [PATCH 2/7] Test uses dev APIs
---
 terraform/cloudfront.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf
index d3a55faac1..3ed35ca5c8 100644
--- a/terraform/cloudfront.tf
+++ b/terraform/cloudfront.tf
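Review bot: In the `cors_config` block added by PATCH 1/7, credentialed CORS (`access_control_allow_credentials = true`) is combined with every mutating method and a header allow-list that is longer than it needs to be. `Accept-Encoding`, `Origin` and `Referer` are set by the browser itself and never have to be permitted, so those three entries can be dropped, and the method list is better limited to what the services behind this policy actually accept. Because `origin_override = true` replaces whatever CORS headers the origin returns, a comment above the block would help the next reader, for example `# Credentialed CORS for the authenticated API behaviours; origins must stay explicit, never "*"`. The resource body continues past the end of the hunk, so which behaviours reference the policy is not visible here.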
@@ -1046,7 +1046,8 @@ resource "aws_cloudfront_response_headers_policy" "cache_control_response_header
 access_control_allow_origins {
 items = [
- "https://wfnews-client.${var.target_env}.bcwildfireservices.com",
+ "https://wfnews-client.dev.bcwildfireservices.com",
+ "https://wfnews-client.test.bcwildfireservices.com",
 "https://wildfiresituation.nrs.gov.bc.ca"
 ]
 }
From a9f634e07a909aa0f8ecaac122f0ab8ff09c8648 Mon Sep 17 00:00:00 2001
From: Sukhpal <6563909+sukhpalp@users.noreply.github.com>
Date: Thu, 2 May 2024 18:03:25 -0700
Subject: [PATCH 3/7] Split header policies and use the non auth one for maps
---
 terraform/cloudfront.tf | 72 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 71 insertions(+), 1 deletion(-)
diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf
index 3ed35ca5c8..3b1904124e 100644
--- a/terraform/cloudfront.tf
+++ b/terraform/cloudfront.tf
@@ -915,7 +915,7 @@ resource "aws_cloudfront_distribution" "wfnews_openmaps_cache" {
 }
 }
- response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_response_headers.id
+ response_headers_policy_id = aws_cloudfront_response_headers_policy.cache_control_response_headers_no_auth_cors.id
 viewer_protocol_policy = "redirect-to-https"
 min_ttl = 0
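Review bot: PATCH 2/7 replaces the `${var.target_env}` origin in `access_control_allow_origins` with fixed dev and test hostnames, so every environment that applies this policy, presumably production included, now accepts credentialed cross-origin requests from the dev and test front ends. With `access_control_allow_credentials = true` in the same block, a script-injection flaw on either lower-environment site could be used to send authenticated requests to a higher environment. Keeping the list per environment avoids that, for example `items = var.cors_allowed_origins` with the values set in each environment's tfvars (`cors_allowed_origins` would be a new variable, not one the file is shown to have). The change also drops the environment's own `wfnews-client.${var.target_env}` origin, which looks unintended for anything other than dev and test.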
@@ -1021,6 +1021,76 @@ output "wfnews_cloudfront_nginx_url" {
 resource "aws_cloudfront_response_headers_policy" "cache_control_response_headers" {
 name = "cache-control-response-headers-${var.target_env}"
+ custom_headers_config {
+ items {
+ header = "Cache-Control"
+ override = true
+ value = "stale-while-revalidate=600"
+ }
+ }
+
+ remove_headers_config {
+ items {
+ header = "X-Forwarded-Server"
+ }
+
+ items {
+ header = "X-Forwarded-Host"
+ }
+
+ items {
+ header = "X-Host"
+ }
+ }
+}
+
+resource "aws_cloudfront_response_headers_policy" "cache_control_response_headers_no_auth_cors" {
+ name = "cache-control-response-headers-no-auth-cor-${var.target_env}"
+ cors_config {
+ access_control_allow_credentials = false
+
+ access_control_allow_headers {
+ items = ["*"]
+ }
+
+ access_control_allow_methods {
+ items = ["*"]
+ }
+
+ access_control_allow_origins {
+ items = ["*"]
+ }
+
+ access_control_max_age_sec = 300
+
+ origin_override = true
+ }
+
+ custom_headers_config {
+ items {
+ header = "Cache-Control"
+ override = true
+ value = "stale-while-revalidate=600"
+ }
+ }
+
+ remove_headers_config {
+ items {
+ header = "X-Forwarded-Server"
+ }
+
+ items {
+ header = "X-Forwarded-Host"
+ }
+
+ items {
+ header = "X-Host"
+ }
+ }
+}
+
+resource "aws_cloudfront_response_headers_policy" "cache_control_response_headers_auth_cors" {
+ name = "cache-control-response-headers-auth-cor-${var.target_env}"
 cors_config {
 access_control_allow_credentials = true
From 2baddb07a3fda0017e5f383e978a69faf6b207ff Mon Sep 17 00:00:00 2001
From: Sukhpal <6563909+sukhpalp@users.noreply.github.com>
Date: Thu, 2 May 2024 19:43:12 -0700
Subject: [PATCH 4/7] Add capacitor
---
 terraform/cloudfront.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf
index 3b1904124e..709a4d4b75 100644
--- a/terraform/cloudfront.tf
+++ b/terraform/cloudfront.tf
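Review bot: The new `cache_control_response_headers_no_auth_cors` policy in PATCH 3/7 opens methods and headers to `"*"`, although the only behaviour this series attaches it to is the `wfnews_openmaps_cache` distribution, which looks like a read-only cache. A wildcard origin with credentials off is reasonable for public map data, but the method list would be better as `items = ["GET", "HEAD", "OPTIONS"]`; it is also worth confirming that `"*"` is accepted there, since as far as I know CloudFront enumerates methods and spells the wildcard `ALL`. The `custom_headers_config` and `remove_headers_config` blocks now exist in three policies and will drift apart, so a shared local with `dynamic` blocks, or at least a comment on each copy saying they must stay identical, would help. After the split the original `cache_control_response_headers` policy carries no `cors_config`, so any behaviour still pointing at it loses its CORS headers unless it is moved to `cache_control_response_headers_auth_cors`, whose body continues past the end of the hunk.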
@@ -1116,6 +1116,7 @@ resource "aws_cloudfront_response_headers_policy" "cache_control_response_header
 access_control_allow_origins {
 items = [
+ "capacitor://localhost",
 "https://wfnews-client.dev.bcwildfireservices.com",
 "https://wfnews-client.test.bcwildfireservices.com",
 "https://wildfiresituation.nrs.gov.bc.ca"
From 7c84700ae3e9508c8cf16ffd814099ec76f2f9a2 Mon Sep 17 00:00:00 2001
From: Sukhpal <6563909+sukhpalp@users.noreply.github.com>
Date: Thu, 2 May 2024 21:02:10 -0700
Subject: [PATCH 5/7] Add Android origin
---
 terraform/cloudfront.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf
index 709a4d4b75..43a8aa5912 100644
--- a/terraform/cloudfront.tf
+++ b/terraform/cloudfront.tf
@@ -1117,6 +1117,7 @@ resource "aws_cloudfront_response_headers_policy" "cache_control_response_header
 access_control_allow_origins {
 items = [
 "capacitor://localhost",
+ "http://localhost",
 "https://wfnews-client.dev.bcwildfireservices.com",
 "https://wfnews-client.test.bcwildfireservices.com",
 "https://wildfiresituation.nrs.gov.bc.ca"
From 4584915c77baee1c51f8688fe17bad3fb7c3bc32 Mon Sep 17 00:00:00 2001
From: Sukhpal <6563909+sukhpalp@users.noreply.github.com>
Date: Thu, 2 May 2024 21:30:13 -0700
Subject: [PATCH 6/7] https instead of http
---
 terraform/cloudfront.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf
index 43a8aa5912..03c00e57f6 100644
--- a/terraform/cloudfront.tf
+++ b/terraform/cloudfront.tf
@@ -1117,7 +1117,7 @@ resource "aws_cloudfront_response_headers_policy" "cache_control_response_header
 access_control_allow_origins {
 items = [
 "capacitor://localhost",
- "http://localhost",
+ "https://localhost",
 "https://wfnews-client.dev.bcwildfireservices.com",
 "https://wfnews-client.test.bcwildfireservices.com",
 "https://wildfiresituation.nrs.gov.bc.ca"
From 7982eb279520432aa279f307d0fbc8652976e092 Mon Sep 17 00:00:00 2001
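Review bot: PATCH 4/7, 5/7, 6/7 and 7/7 add `capacitor://localhost`, `http://localhost` and `https://localhost` to the origin list of what appears to be the credentialed policy (the hunk header is truncated), with no comment saying which client needs each entry. These origins are shared by every Capacitor app that keeps the default hostname, and `http(s)://localhost` also matches any page served by a local web server on the default port, so they identify the caller far less precisely than the two named sites. A comment per entry would record the intent, e.g. `# Capacitor app`, `# Android app`, `# older Android builds, remove once retired`, and setting a custom `server.hostname` in the app's Capacitor config would let the list name an origin specific to this app instead. The enclosing `cors_config` block starts and ends outside these hunks.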
From: Sukhpal <6563909+sukhpalp@users.noreply.github.com>
Date: Wed, 8 May 2024 17:20:52 -0700
Subject: [PATCH 7/7] Add localhost for old android
---
 terraform/cloudfront.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf
index 03c00e57f6..cbfddfac35 100644
--- a/terraform/cloudfront.tf
+++ b/terraform/cloudfront.tf
@@ -1117,6 +1117,7 @@ resource "aws_cloudfront_response_headers_policy" "cache_control_response_header
 access_control_allow_origins {
 items = [
 "capacitor://localhost",
+ "http://localhost",
 "https://localhost",
 "https://wfnews-client.dev.bcwildfireservices.com",
 "https://wfnews-client.test.bcwildfireservices.com",