Add missing CORS (#12877)

Author: StekPerepolnen

ydb/mvp/oidc_proxy/oidc_protected_page_nebius.cpp

@@ -41,6 +41,7 @@ void THandlerSessionServiceCheckNebius::HandleExchange(NHttp::TEvHttpProxy::TEvH
     if (!event->Get()->Response) {
         BLOG_D("Getting access token: Bad Request");
         NHttp::THeadersBuilder responseHeaders;
+        SetCORS(Request, &responseHeaders);
         responseHeaders.Set("Content-Type", "text/plain");
         return ReplyAndPassAway(Request->CreateResponse("400", "Bad Request", responseHeaders, event->Get()->Error));
     }

ydb/mvp/oidc_proxy/oidc_session_create.cpp

@@ -78,6 +78,7 @@ void THandlerSessionCreate::Handle(NHttp::TEvHttpProxy::TEvHttpIncomingResponse:
                 errorMessage =  "Wrong OIDC response";
             }
             NHttp::THeadersBuilder responseHeaders;
+            SetCORS(Request, &responseHeaders);
             responseHeaders.Set("Content-Type", "text/plain");
             return ReplyAndPassAway(Request->CreateResponse("400", "Bad Request", responseHeaders, errorMessage));
         } else {
@@ -87,6 +88,7 @@ void THandlerSessionCreate::Handle(NHttp::TEvHttpProxy::TEvHttpIncomingResponse:
         }
     } else {
         NHttp::THeadersBuilder responseHeaders;
+        SetCORS(Request, &responseHeaders);
         responseHeaders.Set("Content-Type", "text/plain");
         return ReplyAndPassAway(Request->CreateResponse("400", "Bad Request", responseHeaders, event->Get()->Error));
     }

ydb/mvp/oidc_proxy/oidc_session_create_nebius.cpp

@@ -39,6 +39,7 @@ void THandlerSessionCreateNebius::ProcessSessionToken(const TString& sessionToke
     BLOG_D("Set session cookie: (" << sessionCookieName << ": " << NKikimr::MaskTicket(sessionCookieValue) << ")");
 
     NHttp::THeadersBuilder responseHeaders;
+    SetCORS(Request, &responseHeaders);
     responseHeaders.Set("Set-Cookie", CreateSecureCookie(sessionCookieName, sessionCookieValue));
     responseHeaders.Set("Location", Context.GetRequestedAddress());
     ReplyAndPassAway(Request->CreateResponse("302", "Cookie set", responseHeaders));

ydb/mvp/oidc_proxy/openid_connect.cpp

@@ -95,6 +95,7 @@ NHttp::THttpOutgoingResponsePtr GetHttpOutgoingResponsePtr(const NHttp::THttpInc
                                                                      << request->Host
                                                                      << GetAuthCallbackUrl();
     NHttp::THeadersBuilder responseHeaders;
+    SetCORS(request, &responseHeaders);
     responseHeaders.Set("Set-Cookie", context.CreateYdbOidcCookie(settings.ClientSecret));
     if (context.IsAjaxRequest()) {
         return CreateResponseForAjaxRequest(request, responseHeaders, redirectUrl);