feat: Change CORS headers to allow JS queries (#131)

Change CORS from api to allow js queries. This is configurable through environment.

.env

@@ -49,4 +49,6 @@ LOG_LEVEL=DEBUG
 
 # Path to the yaml configuration file
 # This envvar is **required**
-CONFIG_PATH=
+CONFIG_PATH=
+
+ALLOWED_ORIGINS='http://localhost,http://127.0.0.1,https://*.openfoodfacts.org,https://*.openfoodfacts.net'

.env.openfoodfacts

@@ -51,4 +51,6 @@ LOG_LEVEL=DEBUG
 CONFIG_PATH=data/config/openfoodfacts.yml
 
 # URL to the OFF API
-OFF_API_URL=https://world.openfoodfacts.org
+OFF_API_URL=https://world.openfoodfacts.org
+
+ALLOWED_ORIGINS='http://localhost,http://127.0.0.1,https://*.openfoodfacts.org,https://*.openfoodfacts.net'

.github/workflows/container-deploy.yml

@@ -38,6 +38,8 @@ jobs:
         # in staging Product Opener is deployed on the same VM
         echo "COMMON_NET_NAME=po_webnet" >> $GITHUB_ENV
         echo "OFF_API_URL=https://world.openfoodfacts.net" >> $GITHUB_ENV
+        echo "ALLOWED_ORIGINS='http://localhost,http://127.0.0.1,https://*.openfoodfacts.org,https://*.openfoodfacts.net'" >> $GITHUB_ENV
+        
         echo "REDIS_HOST=redis" >> $GITHUB_ENV
     - name: Set various variable for production deployment
       if: matrix.env == 'off-search-org'
@@ -48,6 +50,7 @@ jobs:
         # separate server and is not dockerized
         echo "COMMON_NET_NAME=po_webnet" >> $GITHUB_ENV
         echo "OFF_API_URL=https://world.openfoodfacts.org" >> $GITHUB_ENV
+        echo "ALLOWED_ORIGINS='http://localhost,http://127.0.0.1,https://*.openfoodfacts.org,https://*.openfoodfacts.net'" >> $GITHUB_ENV
         # REDIS_HOST: this is the IP address of the stunnel VM
         echo "REDIS_HOST=10.1.0.113" >> $GITHUB_ENV
     - name: Wait for search image container build workflow
@@ -138,6 +141,7 @@ jobs:
           echo "SENTRY_DNS=${{ secrets.SENTRY_DSN }}" >> .env
           echo "CONFIG_PATH=data/config/openfoodfacts.yml" >> .env
           echo "OFF_API_URL=${{ env.OFF_API_URL }}" >> .env
+          echo "ALLOWED_ORIGINS=${{ env.ALLOWED_ORIGINS }}" >> .env
 
     - name: Create Docker volumes
       uses: appleboy/ssh-action@master

.github/workflows/pre-commit.yml

@@ -18,6 +18,7 @@ jobs:
         echo "" > .envrc
         echo CONFIG_PATH=data/config/openfoodfacts.yml >> .envrc
         echo OFF_API_URL=https://world.openfoodfacts.org >> .envrc
+        echo ALLOWED_ORIGINS='http://localhost,http://127.0.0.1,https://*.openfoodfacts.org,https://*.openfoodfacts.net' >> .envrc
         echo USER_IID=$(id -u) >>.envrc
         echo USER_GID=$(id -g) >>.envrc
         make build

README.md

@@ -62,6 +62,7 @@ export USER_UID=<your_user_uid>
 
 export CONFIG_PATH=data/config/openfoodfacts.yml
 export OFF_API_URL=https://world.openfoodfacts.org
+export ALLOWED_ORIGINS='http://localhost,http://127.0.0.1,https://*.openfoodfacts.org,https://*.openfoodfacts.net' 
 ```
 
 [^winEnvrc]: For Windows users, the .envrc is only taken into account by the `make` commands.

app/api.py

@@ -1,10 +1,12 @@
 import json
+import os
 from pathlib import Path
 from typing import Annotated, Any, cast
 
 import elasticsearch
 from elasticsearch_dsl import Search
 from fastapi import FastAPI, HTTPException, Query, Request
+from fastapi.middleware.cors import CORSMiddleware
 from fastapi.responses import HTMLResponse, PlainTextResponse
 from fastapi.templating import Jinja2Templates
 
@@ -32,6 +34,16 @@
         "url": "https://www.gnu.org/licenses/agpl-3.0.en.html",
     },
 )
+ALLOWED_ORIGINS = os.environ.get(
+    "ALLOWED_ORIGINS", "http://localhost,http://127.0.0.1"
+).split(",")
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=ALLOWED_ORIGINS,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
 templates = Jinja2Templates(directory=Path(__file__).parent / "templates")
 init_sentry(settings.sentry_dns)
 connection.get_es_client()

docker-compose.yml

@@ -46,6 +46,7 @@ x-api-common: &api-common
     - CONFIG_PATH
     # URL of the OFF API
     - OFF_API_URL
+    - ALLOWED_ORIGINS
   networks:
     - default
     - common_net