Allow cors requests for jira_connect/subscriptions
What does this MR do and why?
This adds more allowed cross-origin requests for the Jira connect proxy feature.
For this feature, GitLab SaaS will serve a frontend that will make HTTP calls to a self-managed instance. To make sure the cross-origin requests succeed, the endpoints have to respond to the OPTIONS HTTP method and send back headers with details about what calls are allowed.
To call GET /-/jira_connect/subscriptions
, the browser will:
- Send a request to
OPTIONS /-/jira_connect/subscriptions
- Verify that the Access-Control-Allow-Origin header includes the origin. In our case, we just allow all
'*'
. - Verify that the Access-Control-Allow-Methods header includes the desired method. In this case,
'GET'
. - Send the actual request to
GET /-/jira_connect/subscriptions
Related issue: #372975 (closed)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Andy Schoenen