topcoder-platform / community-app

React webapp for serving Topcoder Community

No "Origin" header in static-assets requests #6917

Closed jmgasper closed 5 months ago

jmgasper commented 1 year ago

@suppermancool - We are attempting some security updates to requests made to the Cloudfront distribution, like https://d1aahxkjiobka8.cloudfront.net/static-assets/main-1695940656408.css in dev, seen when loading pages like https://topcoder-dev.com/challenges.

I have a security header policy now set in AWS that should return the required Access-Control-Allow-Origin header in the response, but it requires the Origin header also be set on the request, and I'm not seeing that.

I'm not quite sure why it's not coming through, so I'm open to suggestions, thanks.

Sample curl that returns the Access-Control-Allow-Origin header:

curl -vI -H "Origin: https://www.topcoder-dev.com" https://d1aahxkjiobka8.cloudfront.net/static-assets/challenge-listing/chunk-1695940656408.css
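As an added example, not code from the community-app project or from either commenter, the script below models the two halves of the behaviour described in this issue: a CDN response-headers policy that only answers with Access-Control-Allow-Origin when the request carries an allowed Origin, and the browser-side rule for when an Origin header is sent at all. The allow list, the function names and the sample page origins are constructed for illustration; the policy logic is a plain-JS stand-in, not the AWS implementation.

```javascript
// Added example (not from the community-app repository or this issue thread):
// a pure-JS model of the CORS exchange discussed above.  ALLOWED_ORIGINS, the
// function names and the sample inputs are constructed for illustration.

const ALLOWED_ORIGINS = new Set([
  'https://www.topcoder-dev.com',
  'https://topcoder-dev.com',
]);

// Stand-in for a CDN response-headers policy: emit Access-Control-Allow-Origin
// only when the request carried an Origin that is on the allow list.  Because
// the value echoes the request origin (rather than "*"), the response is also
// marked Vary: Origin so a shared cache keys on the Origin header and never
// serves one origin's ACAO to a page on another origin.
function corsResponseHeaders(requestHeaders, allowed = ALLOWED_ORIGINS) {
  const origin = requestHeaders.origin;
  const headers = { 'content-type': 'text/css' };
  if (origin !== undefined && allowed.has(origin)) {
    headers['access-control-allow-origin'] = origin;
    headers.vary = 'Origin';
  }
  return headers;
}

// Per the Fetch standard, a <link rel="stylesheet">, <script src> or <img src>
// without a crossorigin attribute is fetched in "no-cors" mode; adding the
// crossorigin attribute switches it to "cors" mode.  fetch() and XHR default
// to "cors".
function requestModeForTag({ tag, crossorigin = false }) {
  if (['link', 'script', 'img'].includes(tag)) {
    return crossorigin ? 'cors' : 'no-cors';
  }
  return 'cors';
}

// A browser attaches the Origin header when the request method is not GET or
// HEAD, or when the request is in CORS mode.  A no-cors GET therefore goes out
// with no Origin header at all, and a policy keyed on Origin has nothing to match.
function browserSendsOrigin({ method = 'GET', mode }) {
  return mode === 'cors' || !['GET', 'HEAD'].includes(method.toUpperCase());
}

// Simulate one asset load end to end and report what a defender would check:
// did Origin go out, did ACAO come back, and is the pairing cache-safe (an
// echoed ACAO without Vary: Origin can be cached and replayed to another origin).
function simulateAssetLoad({ tag, crossorigin = false, pageOrigin, method = 'GET' }) {
  const mode = requestModeForTag({ tag, crossorigin });
  const requestHeaders = { host: 'cdn.example' }; // constructed host
  if (browserSendsOrigin({ method, mode })) requestHeaders.origin = pageOrigin;
  const response = corsResponseHeaders(requestHeaders);
  const acao = response['access-control-allow-origin'];
  return {
    mode,
    originSent: 'origin' in requestHeaders,
    acao: acao === undefined ? null : acao,
    cacheSafe: acao === undefined || acao === '*' || response.vary === 'Origin',
  };
}

// Constructed sample runs: a plain stylesheet link, the same link with
// crossorigin, and a page from an origin that is not on the allow list.
const samples = [
  { tag: 'link', pageOrigin: 'https://www.topcoder-dev.com' },
  { tag: 'link', crossorigin: true, pageOrigin: 'https://www.topcoder-dev.com' },
  { tag: 'link', crossorigin: true, pageOrigin: 'https://other.example' },
];
for (const s of samples) {
  console.log(JSON.stringify(s), '=>', JSON.stringify(simulateAssetLoad(s)));
}

module.exports = { corsResponseHeaders, requestModeForTag, browserSendsOrigin, simulateAssetLoad };
```

Run with `node cors-model.js`. The first sample reproduces the symptom in the issue: the stylesheet request leaves the browser without an Origin header, so a policy that only answers to Origin has nothing to echo. The second shows the same request with a crossorigin attribute, which does carry Origin and receives a matching ACAO plus Vary: Origin. The third shows that an origin outside the allow list gets no ACAO at all.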
suppermancool commented 1 year ago

@jmgasper this is done in 2 repos:

To make this work we need to publish the above change in topcoder-react-utils; if the topcoder-react-utils version changes, we may need to update the topcoder-react-utils version in https://github.com/topcoder-platform/community-app/blob/develop/package.json#L170