Customizing IAP settings is now available only as part of a paid enterprise security subscription (BeyondCorp Enterprise). You can see the information from this article.
That article describes how to customize Identity-Aware Proxy (IAP) settings. With these settings, you can control behaviors including:
- Compatibility with Anthos and Istio on Google Kubernetes Engine.
- The handling of CORS preflight requests.
- How users are authenticated.
- The error page shown to users when access is denied.
An alternative is that you can support CORS requests on your App Engine by adding HTTP header to your app.yaml, for example:
handlers:
- url: /
...
http_headers:
Access-Control-Allow-Origin: https://URL
# ...
Note: if you wanted to allow everyone to access your assets, you could use the wildcard '*', instead of your URL