open-banking-gateway
open-banking-gateway copied to clipboard
Control CORS at gateway/load balancer level (i.e. in HAProxy etc.)
Now we're using temporary solution which allows all other resources @CrossOrigin(origins = "*") For better security it should be handled at gateway level
This would require to reconfigure openshift on cluster level. The admin team will not permit us to achieve these changes.
The only solution would be to deploy another HAProxy inside our project. But I strongly advise to do CORS setup on application level instead.
@valb3r I know that you would really prefer it on environment level :) But can you go with that?
@tnein I can go with it but in general, I would expect that we will need to have a more flexible load balancer. The current environment is no-go for production (the production that may include sticky sessions for efficient caching), but it is fine for the MVP.
https://jira.adorsys.de/browse/OBG-75