From 30b8268aa4dff771143f9a8b6a8dd4008c11bf59 Mon Sep 17 00:00:00 2001
From: Tim Holm
Date: Mon, 16 Dec 2024 09:33:31 +1100
Subject: [PATCH] add CORS policies to bucket configs.
---
 .../aws/deploytf/.nitric/modules/bucket/main.tf | 17 +++++++++++++++++
 .../gcp/deploytf/.nitric/modules/bucket/main.tf | 8 ++++++++
 2 files changed, 25 insertions(+)
diff --git a/cloud/aws/deploytf/.nitric/modules/bucket/main.tf b/cloud/aws/deploytf/.nitric/modules/bucket/main.tf
index 67b87fbac..05dac3ebf 100644
--- a/cloud/aws/deploytf/.nitric/modules/bucket/main.tf
+++ b/cloud/aws/deploytf/.nitric/modules/bucket/main.tf
@@ -19,6 +19,23 @@ resource "aws_s3_bucket" "bucket" {
 }
 }
 
+resource "aws_s3_bucket_cors_configuration" "cors_policy" {
+ bucket = aws_s3_bucket.bucket.id
+
+ # TODO: Make this configurable
+ cors_rule {
+ allowed_headers = ["*"]
+ allowed_methods = ["PUT", "POST", "GET"]
+ allowed_origins = ["*"]
+ max_age_seconds = 3000
+ }
+
+ cors_rule {
+ allowed_methods = ["GET"]
+ allowed_origins = ["*"]
+ }
+}
+
 # Deploy bucket lambda invocation permissions
 resource "aws_lambda_permission" "allow_bucket" {
 for_each = var.notification_targets
diff --git a/cloud/gcp/deploytf/.nitric/modules/bucket/main.tf b/cloud/gcp/deploytf/.nitric/modules/bucket/main.tf
index 175476e24..3e6872f6f 100644
--- a/cloud/gcp/deploytf/.nitric/modules/bucket/main.tf
+++ b/cloud/gcp/deploytf/.nitric/modules/bucket/main.tf
@@ -35,6 +35,14 @@ resource "google_storage_bucket" "bucket" {
 type = "Delete"
 }
 }
+
+ cors {
+ # TODO: Make this configurable
+ origin = ["*"]
+ method = ["GET", "HEAD", "PUT", "POST"]
+ response_header = ["*"]
+ max_age_seconds = 3600
+ }
 labels = {
 "x-nitric-${var.stack_id}-name" = var.bucket_name
 "x-nitric-${var.stack_id}-type" = "bucket"
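Review bot: The new `aws_s3_bucket_cors_configuration` hard-codes `allowed_origins = ["*"]` together with `PUT` and `POST`, so every bucket this module deploys accepts cross-origin writes from any site; the GCP `cors` block in the second hunk does the same with `origin = ["*"]`. CORS is not the access control here, but a wildcard default means any page that obtains a signed URL can use it from a browser, and a deployer cannot opt out. I would make the TODO part of this change: take the origins from a new module variable that defaults to an empty list and create the resource only when it is set, e.g. `count = length(var.cors_allowed_origins) > 0 ? 1 : 0` and `allowed_origins = var.cors_allowed_origins` (the variable name is a suggestion). The second `cors_rule` (GET from `*`) also looks redundant, since the first rule already allows `GET` from every origin.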
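Review bot: The GCP `cors` block disagrees with the AWS rule added in the same commit: it allows `HEAD` and sets `max_age_seconds = 3600`, while the AWS rule omits `HEAD` and uses 3000, so the same application would see different preflight behaviour depending on the provider. I would align the two, for example by using `allowed_methods = ["GET", "HEAD", "PUT", "POST"]` and the same max age on the AWS side. `response_header = ["*"]` also deserves a short comment on why all response headers need to be exposed to browser scripts, or a narrower list such as `["Content-Type", "ETag"]` if that is all the clients read. The enclosing `google_storage_bucket` resource starts and ends outside this hunk.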