authorize: allow CORS preflight requests (#672)

* proxy: implement preserve host header option * authorize: allow CORS preflight requests
2025-08-03 16:59:22 +02:00 · 2020-05-08 15:56:43 -06:00 · 2020-05-08 15:56:43 -06:00 · 98d2f194a0
commit 98d2f194a0
parent d92ee8d2a0
6 changed files with 42 additions and 85 deletions
--- a/authorize/evaluator/opa/policy/authz.rego
+++ b/authorize/evaluator/opa/policy/authz.rego
@ -11,6 +11,16 @@ allow {
 	route_policies[route].AllowPublicUnauthenticatedAccess == true
 }

+# allow cors preflight
+allow {
+	route := first_allowed_route(input.url)
+	route_policies[route].CORSAllowPreflight == true
+	input.method == "OPTIONS"
+	count(object.get(input.headers, "Access-Control-Request-Method", [])) > 0
+	count(object.get(input.headers, "Origin", [])) > 0
+}
+
+
 # allow by email
 allow {
 	route := first_allowed_route(input.url)
@ -62,7 +72,6 @@ allow {
 	token.valid
 	count(deny)==0
 }
-
 # allow pomerium urls
 allow {
 	contains(input.url, "/.pomerium/")