Allow cors requests for jira_connect/subscriptions (!98705) · Merge requests · GitLab.org / GitLab

Andy Schoenen requested to merge andysoiron/jira-self-managed-preflight into master Sep 22, 2022

What does this MR do and why?

This adds more allowed cross-origin requests for the Jira connect proxy feature.

For this feature, GitLab SaaS will serve a frontend that will make HTTP calls to a self-managed instance. To make sure the cross-origin requests succeed, the endpoints have to respond to the OPTIONS HTTP method and send back headers with details about what calls are allowed.

To call GET /-/jira_connect/subscriptions, the browser will:

Send a request to OPTIONS /-/jira_connect/subscriptions
Verify that the Access-Control-Allow-Origin header includes the origin. In our case, we just allow all '*'.
Verify that the Access-Control-Allow-Methods header includes the desired method. In this case, 'GET'.
Send the actual request to GET /-/jira_connect/subscriptions

Related issue: #372975 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Sep 23, 2022 by Andy Schoenen

Allow cors requests for jira_connect/subscriptions

What does this MR do and why?

MR acceptance checklist

Merge request reports