We have deployed an API through cloud run, and have set up authentication to work through the IAP preview. So far it has been working well, minus some issue setting up the server-side authentication.
However, we’re having an issue during integration where we can’t send “non-simple requests” to the backend because it’s sending a preflight request that doesn’t contain any of the authorization headers. This gets a 401 UNAUTHORIZED from IAP, which leads to the whole request failing.
I found this article which explains how to bypass it with App Engine, but it doesn’t seem like the corresponding endpoints exist for Cloud Run. Any help getting this working would be much appreciated.
curl — request PATCH \
“https://iap.googleapis.com/v1/projects/${PROJECT}/iap_web/appengine-${PROJECT}/services/${SVCNAME}:iapSettings" \
--header “Authorization: Bearer ${TOKEN}” \
--header ‘Accept: application/json’ \
--header ‘Content-Type: application/json’ \
--data ‘{“accessSettings”:{“corsSettings”:{“allowHttpOptions”:true}}}’ \
--compressed