feat(backend): added support for new env variable to enable/disable Access-Control-* headers (#1308)

backend/Dockerfile

@@ -89,7 +89,9 @@ ENV TZ=UTC \
     # Use to enable cloud specific feature
     CLOUD="aws" \
     # Use to set compression threshold for tracker requests (20kb by default)
-    COMPRESSION_THRESHOLD="20000"
+    COMPRESSION_THRESHOLD="20000" \
+    # Set Access-Control-* headers for tracker requests if true
+    USE_CORS=false
 
 
 RUN if [ "$SERVICE_NAME" = "http" ]; then \

backend/internal/config/http/config.go

@@ -10,22 +10,23 @@ import (
 type Config struct {
 	common.Config
 	common.Postgres
-	HTTPHost             string        `env:"HTTP_HOST,default="`
-	HTTPPort             string        `env:"HTTP_PORT,required"`
-	HTTPTimeout          time.Duration `env:"HTTP_TIMEOUT,default=60s"`
-	TopicRawWeb          string        `env:"TOPIC_RAW_WEB,required"`
-	TopicRawIOS          string        `env:"TOPIC_RAW_IOS,required"`
-	BeaconSizeLimit      int64         `env:"BEACON_SIZE_LIMIT,required"`
-	CompressionThreshold int64         `env:"COMPRESSION_THRESHOLD,default=20000"`
-	JsonSizeLimit        int64         `env:"JSON_SIZE_LIMIT,default=1000"`
-	FileSizeLimit        int64         `env:"FILE_SIZE_LIMIT,default=10000000"`
-	AWSRegion            string        `env:"AWS_REGION,required"`
-	S3BucketIOSImages    string        `env:"S3_BUCKET_IOS_IMAGES,required"`
-	TokenSecret          string        `env:"TOKEN_SECRET,required"`
-	UAParserFile         string        `env:"UAPARSER_FILE,required"`
-	MaxMinDBFile         string        `env:"MAXMINDDB_FILE,required"`
-	UseProfiler          bool          `env:"PROFILER_ENABLED,default=false"`
-	WorkerID             uint16
+	HTTPHost                string        `env:"HTTP_HOST,default="`
+	HTTPPort                string        `env:"HTTP_PORT,required"`
+	HTTPTimeout             time.Duration `env:"HTTP_TIMEOUT,default=60s"`
+	TopicRawWeb             string        `env:"TOPIC_RAW_WEB,required"`
+	TopicRawIOS             string        `env:"TOPIC_RAW_IOS,required"`
+	BeaconSizeLimit         int64         `env:"BEACON_SIZE_LIMIT,required"`
+	CompressionThreshold    int64         `env:"COMPRESSION_THRESHOLD,default=20000"`
+	JsonSizeLimit           int64         `env:"JSON_SIZE_LIMIT,default=1000"`
+	FileSizeLimit           int64         `env:"FILE_SIZE_LIMIT,default=10000000"`
+	AWSRegion               string        `env:"AWS_REGION,required"`
+	S3BucketIOSImages       string        `env:"S3_BUCKET_IOS_IMAGES,required"`
+	TokenSecret             string        `env:"TOKEN_SECRET,required"`
+	UAParserFile            string        `env:"UAPARSER_FILE,required"`
+	MaxMinDBFile            string        `env:"MAXMINDDB_FILE,required"`
+	UseProfiler             bool          `env:"PROFILER_ENABLED,default=false"`
+	UseAccessControlHeaders bool          `env:"USE_CORS,default=false"`
+	WorkerID                uint16
 }
 
 func New() *Config {

backend/internal/http/router/router.go

@@ -118,10 +118,12 @@ func (e *Router) root(w http.ResponseWriter, r *http.Request) {
 
 func (e *Router) corsMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		// Prepare headers for preflight requests
-		w.Header().Set("Access-Control-Allow-Origin", "*")
-		w.Header().Set("Access-Control-Allow-Methods", "POST")
-		w.Header().Set("Access-Control-Allow-Headers", "Content-Type,Authorization,Content-Encoding")
+		if e.cfg.UseAccessControlHeaders {
+			// Prepare headers for preflight requests
+			w.Header().Set("Access-Control-Allow-Origin", "*")
+			w.Header().Set("Access-Control-Allow-Methods", "POST")
+			w.Header().Set("Access-Control-Allow-Headers", "Content-Type,Authorization,Content-Encoding")
+		}
 		if r.Method == http.MethodOptions {
 			w.Header().Set("Cache-Control", "max-age=86400")
 			w.WriteHeader(http.StatusOK)