GCP allows external HTTPS load balancers to be protected by Identity Aware Proxy (IAP), using your google account credentials to protect the web server behind the load balancer. This an easy way to protect web services you want to use internally. Sometimes you need to provide access within a website on another domain, however, such as another team's subdomain, or when using a third party service like Honeycomb.io's Secure Tenancy. This requires Cross-origin resource sharing, or CORS, to be enabled.
GCP can be configured to allow CORS requests across IAP, but the documentation is minimal. How do you actually enable it?
As of gcloud 277.0, this can be done through the gcloud beta iap settings command. Cloud Console support is coming soon. You want something like:
cat > settings <<EOF
accessSettings:
corsSettings:
allowHttpOptions: true
EOF
gcloud beta iap settings set settings \
--project=project-id \
--resource-type=compute \
--service=backend-service-name