add CORS policies to bucket configs.

nitrictech · Dec 15, 2024 · 30b8268 · 30b8268
1 parent 2445af1
commit 30b8268
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/cloud/aws/deploytf/.nitric/modules/bucket/main.tf b/cloud/aws/deploytf/.nitric/modules/bucket/main.tf
@@ -19,6 +19,23 @@ resource "aws_s3_bucket" "bucket" {
   }
 }
 
+resource "aws_s3_bucket_cors_configuration" "cors_policy" {
+  bucket = aws_s3_bucket.bucket.id
+
+  # TODO: Make this configurable
+  cors_rule {
+    allowed_headers = ["*"]
+    allowed_methods = ["PUT", "POST", "GET"]
+    allowed_origins = ["*"]
+    max_age_seconds = 3000
+  }
+
+  cors_rule {
+    allowed_methods = ["GET"]
+    allowed_origins = ["*"]
+  }
+}
+
 # Deploy bucket lambda invocation permissions
 resource "aws_lambda_permission" "allow_bucket" {
   for_each = var.notification_targets

diff --git a/cloud/gcp/deploytf/.nitric/modules/bucket/main.tf b/cloud/gcp/deploytf/.nitric/modules/bucket/main.tf
@@ -35,6 +35,14 @@ resource "google_storage_bucket" "bucket" {
       type = "Delete"
     }
   }
+
+  cors {
+    # TODO: Make this configurable
+    origin          = ["*"]
+    method          = ["GET", "HEAD", "PUT", "POST"]
+    response_header = ["*"]
+    max_age_seconds = 3600
+  }
   labels = {
     "x-nitric-${var.stack_id}-name" = var.bucket_name
     "x-nitric-${var.stack_id}-type" = "bucket"