WIP

Author: MarceloRGonc

packages/server/api/src/app/app.ts

@@ -137,47 +137,32 @@ export const setupApp = async (
 
   await app.register(rateLimitModule);
 
-  await app.register(async (app) => {
-    app.addHook('preHandler', async (req, _reply) => {
-      const bypassCorsPlugin =
-        req.routeOptions.config?.bypassCorsPlugin ?? false;
-
-      if (bypassCorsPlugin) {
-        // reply.header('X-CORS-SKIPPED', 'true');
-        logger.info('Bypass Cors Plugin');
-
-        return;
+  await app.register(cors, {
+    origin: (origin, callback) => {
+      if (origin === system.get(SharedSystemProp.FRONTEND_URL)) {
+        return callback(null, true);
       }
-    });
 
-    await app.register(cors, {
-      origin: (origin, callback) => {
-        logger.info('Allow cors request plugin');
+      const allowedDomainsString = system.get(AppSystemProp.ALLOWED_DOMAINS);
 
-        if (origin === system.get(SharedSystemProp.FRONTEND_URL)) {
+      if (allowedDomainsString) {
+        if (allowedDomainsString === '*') {
           return callback(null, true);
         }
 
-        const allowedDomainsString = system.get(AppSystemProp.ALLOWED_DOMAINS);
+        const allowedDomains = allowedDomainsString.split(',');
 
-        if (allowedDomainsString) {
-          if (allowedDomainsString === '*') {
-            return callback(null, true);
-          }
-
-          const allowedDomains = allowedDomainsString.split(',');
-
-          if (allowedDomains.includes(origin as string)) {
-            return callback(null, true);
-          }
+        if (allowedDomains.includes(origin as string)) {
+          return callback(null, true);
         }
+      }
 
-        return callback(null, false);
-      },
-      exposedHeaders: ['*'],
-      methods: ['*'],
-      credentials: true,
-    });
+      logger.info('Block cors request plugin');
+      return callback(null, false);
+    },
+    exposedHeaders: ['*'],
+    methods: ['*'],
+    credentials: true,
   });
 
   await app.register(fastifySocketIO, {

packages/server/api/src/app/flow-template/cloud-template.controller.ts

@@ -26,35 +26,13 @@ export const cloudTemplateController: FastifyPluginAsyncTypebox = async (
   // cloud templates are available on any origin
   app.addHook('onRequest', allowAllOriginsHookHandler);
 
-  app.options('/*', async (request, reply) => {
-    logger.info('Options request');
-
-    void reply.header(
-      'Access-Control-Allow-Origin',
-      request.headers.origin || request.headers['Ops-Origin'] || '*',
-    );
-
-    void reply.header('Access-Control-Allow-Methods', 'GET,OPTIONS');
-
-    void reply.header(
-      'Access-Control-Allow-Headers',
-      'Content-Type,Ops-Origin,Authorization',
-    );
-
-    void reply.header('Access-Control-Allow-Credentials', 'false');
-
-    if (request.method === 'OPTIONS') {
-      return void reply.status(204).send();
-    }
-  });
-
   app.get(
     '/',
     {
       config: {
         allowedPrincipals: ALL_PRINCIPAL_TYPES,
-        bypassCorsPlugin: true,
         skipAuth: true,
+        cors: false,
       },
       schema: {
         tags: ['flow-templates'],
@@ -95,8 +73,8 @@ export const cloudTemplateController: FastifyPluginAsyncTypebox = async (
     {
       config: {
         allowedPrincipals: ALL_PRINCIPAL_TYPES,
-        bypassCorsPlugin: true,
         skipAuth: true,
+        cors: false,
       },
       schema: {
         tags: ['flow-templates'],