Support CORS

[bddjong]

The gateway should allow CORS requests so that the PWA can use it

We should investigate how to properly support CORS on the gateway. This is currently allowed through a quick fix using cors middleware.

Tasks

• [ ] Install cors package
• [ ] Create smallest possible cors configuration
• [ ] Test if GET, POST, OPTIONS, PUT requests work in the client

[GewoonMaarten]

This is a temporary work around:

• Changing index.ts to include:

  app.use(function (req: any, res: any, next: any) {
   res.header("Access-Control-Allow-Origin", "*");
   res.header(
     "Access-Control-Allow-Headers",
     "Authorization, Cache-Control, Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers"
   );
   res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
   next();
  });

  Add this as the first middleware.

• and changing ZaakRoutes.ts to:

  export const ZaakRouter: Router = express
   .Router()
   .options("/", (req, res) => {
     res.send();
   })
   .use(VerifyToken)
  .get("/", ZakenController)
   .get("/statussen", (req, res) => {
     console.log("hello from /statussen");
     res.send("test");
   });

[ogjtech]

This is a temporary work around:

@GewoonMaarten according to this website, your temporary work around is the way to fix this in general. You can specify which specific URL has access to the gateway's resources, or use the wildcard '*' as per your example to allow anyone anywhere (a bad idea if you ask me, perhaps time to decide on a URL for the PWA).

@Gemeente-DenHaag/mdh-rysst Express' website itself documents the similar way and even more on configuring CORS here.