ln-773-cors-configurator
L3 Worker - Configures CORS policy for development and production
Main Workflow
stateDiagram-v2
[*] --> ReceiveContext: Start
ReceiveContext --> IdempotencyCheck: Context Valid
IdempotencyCheck --> Skip: CORS Already Configured
IdempotencyCheck --> Analyze: Not Configured
Analyze --> DetectFrontend: Scan Project
DetectFrontend --> DecisionPoints: Frontend Info
DecisionPoints --> Generate: Configuration Decided
Generate --> Validate: Files Generated
Validate --> Return: Success
Skip --> Return: Status = skipped
Return --> [*]: Complete
CORS Request Flow
flowchart TD
Request([Browser Request]) --> Preflight{Preflight Required?}
Preflight -->|OPTIONS| PreflightReq[Preflight Request]
Preflight -->|Simple| DirectReq[Direct Request]
PreflightReq --> CheckOrigin{Origin Allowed?}
DirectReq --> CheckOrigin
CheckOrigin -->|Yes| CheckMethod{Method Allowed?}
CheckOrigin -->|No| Block[403 Forbidden]
CheckMethod -->|Yes| CheckHeaders{Headers Allowed?}
CheckMethod -->|No| Block
CheckHeaders -->|Yes| Allow[Add CORS Headers]
CheckHeaders -->|No| Block
Allow --> Response([Response to Browser])
Block --> ErrorResponse([CORS Error])
classDef success fill:#90EE90
classDef error fill:#FFB6C1
class Allow,Response success
class Block,ErrorResponse error
Environment-Specific Policies
flowchart LR
subgraph Development["Development Policy"]
DevOrigins["Origins: localhost:*"]
DevMethods["Methods: Any"]
DevHeaders["Headers: Any"]
DevCreds["Credentials: Yes"]
DevCache["MaxAge: 0"]
end
subgraph Production["Production Policy"]
ProdOrigins["Origins: Explicit Only"]
ProdMethods["Methods: GET,POST,PUT,DELETE"]
ProdHeaders["Headers: Content-Type,Authorization"]
ProdCreds["Credentials: If Needed"]
ProdCache["MaxAge: 86400"]
end
Env{Environment?}
Env -->|Development| Development
Env -->|Production| Production
classDef dev fill:#87CEEB
classDef prod fill:#90EE90
classDef warning fill:#FFB6C1
class DevOrigins,DevMethods,DevHeaders,DevCreds,DevCache dev
class ProdOrigins,ProdMethods,ProdHeaders,ProdCreds,ProdCache prod
Security Considerations
flowchart TD
subgraph DontDo["Security Anti-Patterns"]
Wildcard["❌ Origin: * with Credentials"]
AnyMethod["❌ AllowAnyMethod in Production"]
HardcodedOrigins["❌ Hardcoded Production Origins"]
end
subgraph DoDo["Security Best Practices"]
ExplicitOrigins["✓ Explicit Origins"]
EnvVariables["✓ Origins from Environment"]
LimitedMethods["✓ Limited Methods"]
PreflightCache["✓ Preflight Caching"]
end
Security[CORS Security] --> DontDo
Security --> DoDo
classDef bad fill:#FFB6C1
classDef good fill:#90EE90
class Wildcard,AnyMethod,HardcodedOrigins bad
class ExplicitOrigins,EnvVariables,LimitedMethods,PreflightCache good
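
The request flow and the two environment policies above, written out as an added Python example (not part of ln-773-cors-configurator's own code). The function names and the environment variable names CORS_ALLOWED_ORIGINS and CORS_ALLOW_CREDENTIALS are assumptions, and the example.com origins are constructed sample values.

```python
from urllib.parse import urlsplit

PROD_METHODS = {"GET", "POST", "PUT", "DELETE"}
PROD_HEADERS = {"content-type", "authorization"}

def load_policy(env, environ):
    """Build the 'development' or 'production' policy from an env mapping."""
    if env == "development":
        # None means "any"; origins are still limited to localhost:* below.
        return {"origins": None, "methods": None, "headers": None,
                "credentials": True, "max_age": 0}
    # Variable names are assumed; origins come from the environment, not code.
    raw = environ.get("CORS_ALLOWED_ORIGINS", "")
    origins = {o.strip() for o in raw.split(",") if o.strip()}
    if not origins or "*" in origins:
        raise ValueError("production requires explicit origins, no wildcard")
    return {"origins": origins, "methods": PROD_METHODS, "headers": PROD_HEADERS,
            "credentials": environ.get("CORS_ALLOW_CREDENTIALS") == "true",
            "max_age": 86400}

def origin_allowed(policy, origin):
    if policy["origins"] is not None:
        return origin in policy["origins"]  # exact match, no substring tests
    try:  # development: host must be exactly localhost, any port
        return urlsplit(origin).hostname == "localhost"
    except ValueError:
        return False

def evaluate(policy, origin, method, req_headers=()):
    """Return the CORS response headers, or None where the flow ends in 403."""
    if not origin_allowed(policy, origin):
        return None
    if policy["methods"] is not None and method.upper() not in policy["methods"]:
        return None
    allowed = policy["headers"]
    if allowed is not None and any(h.lower() not in allowed for h in req_headers):
        return None
    # Echo the single matched origin, never "*", so credentials stay valid.
    out = {"Access-Control-Allow-Origin": origin, "Vary": "Origin",
           "Access-Control-Max-Age": str(policy["max_age"])}
    if policy["credentials"]:
        out["Access-Control-Allow-Credentials"] = "true"
    return out

if __name__ == "__main__":
    prod = load_policy("production",
                       {"CORS_ALLOWED_ORIGINS": "https://app.example.com"})
    print(evaluate(prod, "https://app.example.com", "POST", ["Content-Type"]))
    print(evaluate(prod, "https://evil.example", "GET"))
```

The development branch compares the parsed hostname rather than testing for a "localhost" prefix, so an origin such as http://localhost.evil.example is rejected.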