From 3d4e7cc8e9449a2270e88e38d4741bb4ee94e01d Mon Sep 17 00:00:00 2001
From: Eduardo Apolinario <eapolinario@users.noreply.github.com>
Date: Thu, 17 Oct 2024 18:34:31 -0400
Subject: [PATCH] Handle CORS in secure connections

Signed-off-by: Eduardo Apolinario <eapolinario@users.noreply.github.com>
---
 flyteadmin/pkg/server/service.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/flyteadmin/pkg/server/service.go b/flyteadmin/pkg/server/service.go
index 840d0d9f17..3c5197d6c8 100644
--- a/flyteadmin/pkg/server/service.go
+++ b/flyteadmin/pkg/server/service.go
@@ -516,9 +516,19 @@ func serveGatewaySecure(ctx context.Context, pluginRegistry *plugins.Registry, c
 		panic(err)
 	}
 
+	handler := grpcHandlerFunc(grpcServer, httpServer)
+	if cfg.Security.AllowCors {
+		handler = handlers.CORS(
+			handlers.AllowCredentials(),
+			handlers.AllowedOrigins(cfg.Security.AllowedOrigins),
+			handlers.AllowedHeaders(append(defaultCorsHeaders, cfg.Security.AllowedHeaders...)),
+			handlers.AllowedMethods([]string{"GET", "POST", "DELETE", "HEAD", "PUT", "PATCH"}),
+		)(handler)
+	}
+
 	srv := &http.Server{
 		Addr:    cfg.GetHostAddress(),
-		Handler: grpcHandlerFunc(grpcServer, httpServer),
+		Handler: handler,
 		// #nosec G402
 		TLSConfig: &tls.Config{
 			Certificates: []tls.Certificate{*cert},