Add bypassCors option

MarceloRGonc · MarceloRGonc · commit a619a57ed017 · 2025-12-02T14:04:07.000Z
diff --git a/packages/server/api/src/app/app.ts b/packages/server/api/src/app/app.ts
@@ -137,33 +137,47 @@ export const setupApp = async (
 
   await app.register(rateLimitModule);
 
-  await app.register(cors, {
-    origin: (origin, callback) => {
-      logger.info('Allow cors request plugin');
+  await app.register(async (app) => {
+    app.addHook('preHandler', async (req, _reply) => {
+      const bypassCorsPlugin =
+        req.routeOptions.config?.bypassCorsPlugin ?? false;
 
-      if (origin === system.get(SharedSystemProp.FRONTEND_URL)) {
-        return callback(null, true);
+      if (bypassCorsPlugin) {
+        // reply.header('X-CORS-SKIPPED', 'true');
+        logger.info('Bypass Cors Plugin');
+
+        return;
       }
+    });
 
-      const allowedDomainsString = system.get(AppSystemProp.ALLOWED_DOMAINS);
+    await app.register(cors, {
+      origin: (origin, callback) => {
+        logger.info('Allow cors request plugin');
 
-      if (allowedDomainsString) {
-        if (allowedDomainsString === '*') {
+        if (origin === system.get(SharedSystemProp.FRONTEND_URL)) {
           return callback(null, true);
         }
 
-        const allowedDomains = allowedDomainsString.split(',');
+        const allowedDomainsString = system.get(AppSystemProp.ALLOWED_DOMAINS);
 
-        if (allowedDomains.includes(origin as string)) {
-          return callback(null, true);
+        if (allowedDomainsString) {
+          if (allowedDomainsString === '*') {
+            return callback(null, true);
+          }
+
+          const allowedDomains = allowedDomainsString.split(',');
+
+          if (allowedDomains.includes(origin as string)) {
+            return callback(null, true);
+          }
         }
-      }
 
-      return callback(null, false);
-    },
-    exposedHeaders: ['*'],
-    methods: ['*'],
-    credentials: true,
+        return callback(null, false);
+      },
+      exposedHeaders: ['*'],
+      methods: ['*'],
+      credentials: true,
+    });
   });
 
   await app.register(fastifySocketIO, {
diff --git a/packages/server/api/src/app/flow-template/cloud-template.controller.ts b/packages/server/api/src/app/flow-template/cloud-template.controller.ts
@@ -53,6 +53,7 @@ export const cloudTemplateController: FastifyPluginAsyncTypebox = async (
     {
       config: {
         allowedPrincipals: ALL_PRINCIPAL_TYPES,
+        bypassCorsPlugin: true,
         skipAuth: true,
       },
       schema: {
@@ -94,6 +95,7 @@ export const cloudTemplateController: FastifyPluginAsyncTypebox = async (
     {
       config: {
         allowedPrincipals: ALL_PRINCIPAL_TYPES,
+        bypassCorsPlugin: true,
         skipAuth: true,
       },
       schema: {
diff --git a/packages/server/api/types/fastify.d.ts b/packages/server/api/types/fastify.d.ts
@@ -23,6 +23,7 @@ declare module 'fastify' {
     allowedPrincipals?: PrincipalType[];
     rawBody?: boolean;
     skipAuth?: boolean;
+    bypassCorsPlugin?: boolean;
     scope?: EndpointScope;
     permission?: Permission;
   }

Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,7 @@ declare module 'fastify' {`
`23`	`23`	`allowedPrincipals?: PrincipalType[];`
`24`	`24`	`rawBody?: boolean;`
`25`	`25`	`skipAuth?: boolean;`
	`26`	`+ bypassCorsPlugin?: boolean;`
`26`	`27`	`scope?: EndpointScope;`
`27`	`28`	`permission?: Permission;`
`28`	`29`	`}`