Skip to content

Commit d6efedd

Browse files
author
Phil Varner
authored
allow configuration of CORS origin (#764)
* allow configuration of CORS origin * add cors credentials header * add other headers * update readme * update serverless example
1 parent eec307e commit d6efedd

File tree

4 files changed

+49
-28
lines changed

4 files changed

+49
-28
lines changed

CHANGELOG.md

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,22 +7,30 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
77

88
## [Unreleased]
99

10-
## Fixed
10+
### Fixed
1111

1212
- For the first item indexed in a new collection, if all values in the
1313
`proj:transform` array were integers, the values were typed as integers,
1414
which would then cause an error for subsequent items that had float values
1515
in the array.
1616

17+
### Added
18+
19+
- Allow the following CORS headers to be configured with configuration variables:
20+
- Access-Control-Allow-Origin: `CORS_ORIGIN`
21+
- Access-Control-Allow-Credentials: `CORS_CREDENTIALS`
22+
- Access-Control-Allow-Methods: `CORS_METHODS`
23+
- Access-Control-Allow-Headers: `CORS_HEADERS`
24+
1725
## [3.6.0] - 2024-02-07
1826

19-
## Changed
27+
### Changed
2028

2129
- Deprecated `grid_geohex_frequency`, `grid_geohash_frequency`, and
2230
`grid_geotile_frequency` aggregations in favor of new `centroid_geohash_grid_frequency`,
2331
`centroid_geohex_grid_frequency`, and `centroid_geotile_grid_frequency` aggregations
2432

25-
## Added
33+
### Added
2634

2735
- Added `geometry_geohash_grid_frequency` and `geometry_geotile_grid_frequency` that
2836
aggregate over the geometry of each Item rather than the centroid. Note that the geohex aggregation `geometry_geohex_grid_frequency` is **not** implemented, as OpenSearch 2.11

README.md

Lines changed: 27 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -516,29 +516,33 @@ cp serverless.example.yml serverless.yml
516516

517517
There are some settings that should be reviewed and updated as needeed in the serverless config file, under provider->environment:
518518

519-
| Name | Description | Default Value |
520-
| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------ |
521-
| OPENSEARCH_HOST | The URL of the OpenSearch cluster. | |
522-
| STAC_VERSION | The STAC version for the STAC objects returned by server. This should not be confused with the STAC API version. | 1.0.0 |
523-
| STAC_ID | ID of this catalog | stac-server |
524-
| STAC_TITLE | Title of this catalog | STAC API |
525-
| STAC_DESCRIPTION | Description of this catalog | A STAC API |
526-
| STAC_DOCS_URL | URL to documentation | [https://stac-utils.github.io/stac-server](https://stac-utils.github.io/stac-server) |
527-
| LOG_LEVEL | Level for logging (error, warn, info, http, verbose, debug, silly) | warn |
528-
| REQUEST_LOGGING_ENABLED | Express request logging enabled. String 'false' disables. | enabled |
529-
| REQUEST_LOGGING_FORMAT | Express request logging format to use. Any of the [Morgan predefined formats](https://github.com/expressjs/morgan#predefined-formats). | tiny |
530-
| STAC_API_URL | The root endpoint of this API | Inferred from request |
531-
| ENABLE_TRANSACTIONS_EXTENSION | Boolean specifying if the [Transaction Extension](https://github.com/radiantearth/stac-api-spec/tree/master/ogcapi-features/extensions/transaction) should be activated | false |
532-
| STAC_API_ROOTPATH | The path to append to URLs if this is not deployed at the server root. For example, if the server is deployed without a custom domain name, it will have the stage name (e.g., dev) in the path. | "" |
533-
| PRE_HOOK | The name of a Lambda function to be called as the pre-hook. | none |
534-
| POST_HOOK | The name of a Lambda function to be called as the post-hook. | none |
535-
| ES_COMPAT_MODE | Enable Elasticsearch 7.10 compatibility mdoe within the server. | false |
536-
| OPENSEARCH_CREDENTIALS_SECRET_ID | The AWS Secrets Manager secret use for the username and password to authenticate to OpenSearch. | |
537-
| OPENSEARCH_USERNAME | The username to authenticate to OpenSearch when AWS Secrets Manager is not used. | |
538-
| OPENSEARCH_PASSWORD | The password to authenticate to OpenSearch when AWS Secrets Manager is not used. | |
539-
| COLLECTION_TO_INDEX_MAPPINGS | A JSON object representing collection id to index name mappings if they do not have the same names. | |
540-
| ITEMS_INDICIES_NUM_OF_SHARDS | Configure the number of shards for the indices that contain Items. | none |
541-
| ITEMS_INDICIES_NUM_OF_REPLICAS | Configure the number of replicas for the indices that contain Items. | none |
519+
| Name | Description | Default Value |
520+
| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------ |
521+
| OPENSEARCH_HOST | The URL of the OpenSearch cluster. | |
522+
| STAC_VERSION | The STAC version for the STAC objects returned by server. This should not be confused with the STAC API version. | 1.0.0 |
523+
| STAC_ID | ID of this catalog | stac-server |
524+
| STAC_TITLE | Title of this catalog | STAC API |
525+
| STAC_DESCRIPTION | Description of this catalog | A STAC API |
526+
| STAC_DOCS_URL | URL to documentation | [https://stac-utils.github.io/stac-server](https://stac-utils.github.io/stac-server) |
527+
| LOG_LEVEL | Level for logging (error, warn, info, http, verbose, debug, silly) | warn |
528+
| REQUEST_LOGGING_ENABLED | Express request logging enabled. String 'false' disables. | enabled |
529+
| REQUEST_LOGGING_FORMAT | Express request logging format to use. Any of the [Morgan predefined formats](https://github.com/expressjs/morgan#predefined-formats). | tiny |
530+
| STAC_API_URL | The root endpoint of this API | Inferred from request |
531+
| ENABLE_TRANSACTIONS_EXTENSION | Boolean specifying if the [Transaction Extension](https://github.com/radiantearth/stac-api-spec/tree/master/ogcapi-features/extensions/transaction) should be activated | false |
532+
| STAC_API_ROOTPATH | The path to append to URLs if this is not deployed at the server root. For example, if the server is deployed without a custom domain name, it will have the stage name (e.g., dev) in the path. | "" |
533+
| PRE_HOOK | The name of a Lambda function to be called as the pre-hook. | none |
534+
| POST_HOOK | The name of a Lambda function to be called as the post-hook. | none |
535+
| ES_COMPAT_MODE | Enable Elasticsearch 7.10 compatibility mdoe within the server. | false |
536+
| OPENSEARCH_CREDENTIALS_SECRET_ID | The AWS Secrets Manager secret use for the username and password to authenticate to OpenSearch. | |
537+
| OPENSEARCH_USERNAME | The username to authenticate to OpenSearch when AWS Secrets Manager is not used. | |
538+
| OPENSEARCH_PASSWORD | The password to authenticate to OpenSearch when AWS Secrets Manager is not used. | |
539+
| COLLECTION_TO_INDEX_MAPPINGS | A JSON object representing collection id to index name mappings if they do not have the same names. | |
540+
| ITEMS_INDICIES_NUM_OF_SHARDS | Configure the number of shards for the indices that contain Items. | none |
541+
| ITEMS_INDICIES_NUM_OF_REPLICAS | Configure the number of replicas for the indices that contain Items. | none |
542+
| CORS_ORIGIN | Configure the value to send for the `Access-Control-Allow-Origin` CORS header. Should be set to the domain name of the UI if Basic Authentication is enable (e.g., `https://ui.example.com`). | `*` |
543+
| CORS_CREDENTIALS | Configure whether or not to send the `Access-Control-Allow-Credentials` CORS header. Header will be sent if set to `true`. | none |
544+
| CORS_METHODS | Configure whether or not to send the `Access-Control-Allow-Methods` CORS header. Expects a comma-delimited string, e.g., `GET,PUT,POST`. | `GET,HEAD,PUT,PATCH,POST,DELETE` |
545+
| CORS_HEADERS | Configure whether or not to send the `Access-Control-Allow-Headers` CORS header. Expects a comma-delimited string, e.g., `Content-Type,Authorization`. If not specified, defaults to reflecting the headers specified in the request’s `Access-Control-Request-Headers` header. | none |
542546

543547
Additionally, the credential for OpenSearch must be configured, as decribed in the
544548
section [Populating and accessing credentials](#populating-and-accessing-credentials).

serverless.example.yml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,9 @@ provider:
3131
# POST_HOOK: ${self:service}-${self:provider.stage}-postHook
3232
# If you will be subscribing to post-ingest SNS notifications make
3333
# sure that STAC_API_URL is set so that links are updated correctly
34-
STAC_API_URL: "https://some-stac-server.com"
34+
STAC_API_URL: "https://some-stac-server.example.com"
35+
CORS_ORIGIN: "https://ui.example.com"
36+
CORS_CREDENTIALS: true
3537
iam:
3638
role:
3739
statements:

0 commit comments

Comments
 (0)