now that user_auth is a module, how would I customize CORS given I need to allow other domains to access `api.my_domain_name`.

[karimkawambwa]

https://github.com/commitdev/terraform-aws-zero/blob/main/modules/user_auth/main.tf#L201-L204

Perhaps add the ability to specify a wildcard?
Or the ability to customize nginx.ingress.kubernetes.io/configuration-snippet.

[bmonkman]

Yeah unfortunately with the nginx ingress the only way to allow multiple CORS domains is by adding a configuration snippet like this:

    ingress.kubernetes.io/configuration-snippet: |
      if ($http_origin ~ '^https:\/\/(.*\.)?example\.(com|net)$') {
        set $allow_origin $http_origin;
      }

      # Cors Preflight methods needs additional options and different Return Code
      if ($request_method = 'OPTIONS') {
        more_set_headers 'Access-Control-Allow-Origin: $allow_origin';
        more_set_headers 'Access-Control-Allow-Credentials: true';
        more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
        more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Client-Identifier';
        more_set_headers 'Access-Control-Max-Age: 1728000';
        more_set_headers 'Content-Type: text/plain charset=UTF-8';
        more_set_headers 'Content-Length: 0';
        return 204;
      }

      more_set_headers 'Access-Control-Allow-Origin: $allow_origin';
      more_set_headers 'Access-Control-Allow-Credentials: true';
      more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
      more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Client-Identifier';

So inside the module we could add the configuration snippet, and add a variable to accept a list of domains or a domain regex.

[karimkawambwa]

So inside the module we could add the configuration snippet, and add a variable to accept a list of domains or a domain regex.

having this variable would be great if this is the best way (i can't think of any other way). I had a snippet before that I would like to use.

[bmonkman]

We could have both. Always specify this snippet for cors stuff, and then have another variable that allows a user to pass in additional configuration, which we would just append in that block.