Allow CORS for Gerrit FE landingwidget

BUG=b/239224440

Change-Id: I13c66f9fb9d40862c04b515f5d102dc50367ff43
Reviewed-on: https://cos-review.googlesource.com/c/cos/tools/+/35809
Reviewed-by: Anil Altinay <aaltinay@google.com>
Cloud-Build: GCB Service account <228075978874@cloudbuild.gserviceaccount.com>
Tested-by: Arnav Kansal <rnv@google.com>
diff --git a/src/cmd/changelog-webapp/app.yaml b/src/cmd/changelog-webapp/app.yaml
index 672dd64..818ff25 100644
--- a/src/cmd/changelog-webapp/app.yaml
+++ b/src/cmd/changelog-webapp/app.yaml
@@ -34,8 +34,3 @@
   COS_FINDBUILD_TABLE_NAME: "cos-findbuild-table-name"
   COS_FINDBUILD_PASSWORD_NAME: "cos-findbuild-password-name"
   COS_FINDBUILD_INSTANCE_NAME: "cos-findbuild-instance-name"
-
-handlers:
-- url: /findreleasedbuild
-  http_headers:
-    Access-Control-Allow-Origin: https://cos-review.googlesource.com
diff --git a/src/cmd/changelog-webapp/controllers/pageHandlers.go b/src/cmd/changelog-webapp/controllers/pageHandlers.go
index 4b7643a..b38181e 100644
--- a/src/cmd/changelog-webapp/controllers/pageHandlers.go
+++ b/src/cmd/changelog-webapp/controllers/pageHandlers.go
@@ -549,6 +549,11 @@
 
 // HandleFindReleasedBuildGerrit returns the released build number in JSON
 func HandleFindReleasedBuildGerrit(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Content-Type", "application/json")
+	if origin, ok := allowedOrigin(r.Header.Get("Origin")); ok {
+		w.Header().Set("Access-Control-Allow-Origin", origin)
+		w.Header().Set("Access-Control-Allow-Credentials", "true")
+	}
 	var err error
 	if err = r.ParseForm(); err != nil {
 		log.Errorf("error parsing form: %v", err)
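Review bot: The handler now echoes a per-request origin in `Access-Control-Allow-Origin` but never sets `Vary: Origin`, so any cache between the app and the browser could replay a response carrying one origin's header (or none) to a different origin. Add `w.Header().Add("Vary", "Origin")` before the `allowedOrigin` check, unconditionally, so the response is keyed on the request's Origin whether or not it matched. Because `Access-Control-Allow-Credentials: true` is sent as well, confirm that the widget's request either needs no preflight or that OPTIONS is answered elsewhere, since nothing in this hunk handles it. The function body continues outside the hunk.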
@@ -571,5 +576,12 @@
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
-	json.NewEncoder(w).Encode(map[string]string{"versions": buildData.BuildNum})
+	json.NewEncoder(w).Encode(map[string][]string{"versions": {buildData.BuildNum}})
+}
+
+func allowedOrigin(origin string) (string, bool) {
+	if origin == "https://cos-review.googlesource.com" || origin == "https://cos-internal-review.googlesource.com" {
+		return origin, true
+	}
+	return "", false
 }
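Review bot: `allowedOrigin` is the allowlist that decides which sites may read this endpoint with the user's credentials, yet it has no doc comment and its two origins are inline string literals. I would add `// allowedOrigin reports whether origin exactly matches a Gerrit host permitted to make credentialed cross-origin requests, and returns it for use in Access-Control-Allow-Origin.` The comment should also say that the comparison must stay an exact match (no prefix, suffix or wildcard matching), because the result is sent together with `Access-Control-Allow-Credentials: true`. Separately, the rewritten `json.NewEncoder(w).Encode(...)` line still discards its error; `if err = json.NewEncoder(w).Encode(...); err != nil { log.Errorf("error encoding response: %v", err) }` would at least record a failed write. The start of HandleFindReleasedBuildGerrit is outside this hunk.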
diff --git a/src/cmd/changelog-webapp/main.go b/src/cmd/changelog-webapp/main.go
index 4805973..9e32270 100644
--- a/src/cmd/changelog-webapp/main.go
+++ b/src/cmd/changelog-webapp/main.go
@@ -42,7 +42,7 @@
 	http.HandleFunc("/changelog/", controllers.HandleChangelog)
 	http.HandleFunc("/findbuild/", controllers.HandleFindBuild)
 	http.HandleFunc("/findreleasedbuildv2/", controllers.HandleFindReleasedBuild)
-	http.HandleFunc("/findreleasedbuild/", controllers.HandleFindReleasedBuildGerrit)
+	http.HandleFunc("/findreleasedbuild", controllers.HandleFindReleasedBuildGerrit)
 	http.HandleFunc("/login/", controllers.HandleLogin)
 	http.HandleFunc("/oauth2callback/", controllers.HandleCallback)
 	http.HandleFunc("/signout/", controllers.HandleSignOut)
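Review bot: `/findreleasedbuild` is now the only route registered without a trailing slash and nothing says why, so it is likely to be changed back for consistency. With net/http's default mux the old subtree pattern answers `/findreleasedbuild` with a redirect to `/findreleasedbuild/`, and that redirect would not carry the CORS headers the handler sets, which is presumably the reason for the change. A comment such as `// Exact path, no trailing slash: avoids the ServeMux redirect, which is sent without CORS headers.` above the line would record it. Callers still requesting `/findreleasedbuild/` no longer reach this handler; if any exist, register both patterns. The enclosing function starts and ends outside the hunk.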