Skip to content

Commit 57fe08e

Browse files
adameatadameat
authored
fix CORS headers (#8303) (#8313)
1 parent 649471e commit 57fe08e

File tree

2 files changed

+14
-34
lines changed

2 files changed

+14
-34
lines changed

ydb/core/mon/async_http_mon.cpp

+2-2
Original file line numberDiff line numberDiff line change
@@ -245,9 +245,9 @@ class THttpMonLegacyActorRequest : public TActorBootstrapped<THttpMonLegacyActor
245245
response << "HTTP/1.1 204 No Content\r\n"
246246
"Access-Control-Allow-Origin: " << origin << "\r\n"
247247
"Access-Control-Allow-Credentials: true\r\n"
248-
"Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept\r\n"
248+
"Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept,X-Trace-Verbosity,X-Want-Trace\r\n"
249249
"Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, DELETE\r\n"
250-
"Content-Type: " + type + "\r\n"
250+
"Content-Type: " << type << "\r\n"
251251
"Connection: keep-alive\r\n\r\n";
252252
ReplyWith(request->CreateResponseString(response));
253253
PassAway();

ydb/core/viewer/viewer.cpp

+12-32
Original file line numberDiff line numberDiff line change
@@ -517,36 +517,12 @@ class TViewer : public TActorBootstrapped<TViewer>, public IViewer {
517517
if (type.empty()) {
518518
type = "application/json";
519519
}
520-
if (AllowOrigin) {
521-
ctx.Send(ev->Sender, new NMon::TEvHttpInfoRes(
522-
"HTTP/1.1 204 No Content\r\n"
523-
"Access-Control-Allow-Origin: " + AllowOrigin + "\r\n"
524-
"Access-Control-Allow-Credentials: true\r\n"
525-
"Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept\r\n"
526-
"Access-Control-Allow-Methods: OPTIONS, GET, POST\r\n"
527-
"Allow: OPTIONS, GET, POST\r\n"
528-
"Content-Type: " + type + "\r\n"
529-
"Connection: Keep-Alive\r\n\r\n", 0, NMon::IEvHttpInfoRes::EContentType::Custom));
530-
} else {
531-
TString origin = TString(msg->Request.GetHeader("Origin"));
532-
if (!origin.empty()) {
533-
ctx.Send(ev->Sender, new NMon::TEvHttpInfoRes(
534-
"HTTP/1.1 204 No Content\r\n"
535-
"Access-Control-Allow-Origin: " + origin + "\r\n"
536-
"Access-Control-Allow-Credentials: true\r\n"
537-
"Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept\r\n"
538-
"Access-Control-Allow-Methods: OPTIONS, GET, POST\r\n"
539-
"Allow: OPTIONS, GET, POST\r\n"
540-
"Content-Type: " + type + "\r\n"
541-
"Connection: Keep-Alive\r\n\r\n", 0, NMon::IEvHttpInfoRes::EContentType::Custom));
542-
} else {
543-
ctx.Send(ev->Sender, new NMon::TEvHttpInfoRes(
544-
"HTTP/1.1 204 No Content\r\n"
545-
"Allow: OPTIONS, GET, POST\r\n"
546-
"Content-Type: " + type + "\r\n"
547-
"Connection: Keep-Alive\r\n\r\n", 0, NMon::IEvHttpInfoRes::EContentType::Custom));
548-
}
549-
}
520+
TStringBuilder response;
521+
response << "HTTP/1.1 204 No Content\r\n";
522+
FillCORS(response, msg);
523+
response << "Content-Type: " + type + "\r\n"
524+
"Connection: Keep-Alive\r\n\r\n";
525+
Send(ev->Sender, new NMon::TEvHttpInfoRes(response, 0, NMon::IEvHttpInfoRes::EContentType::Custom));
550526
return;
551527
}
552528
TString path("/" + msg->Request.GetPage()->Path + msg->Request.GetPathInfo());
@@ -649,11 +625,15 @@ void TViewer::FillCORS(TStringBuilder& stream, const TRequestState& request) {
649625
} else if (request && request->Request.GetHeaders().HasHeader("Origin")) {
650626
origin = request->Request.GetHeader("Origin");
651627
}
628+
if (origin.empty()) {
629+
origin = "*";
630+
}
652631
if (origin) {
653632
stream << "Access-Control-Allow-Origin: " << origin << "\r\n"
654633
<< "Access-Control-Allow-Credentials: true\r\n"
655-
<< "Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept\r\n"
656-
<< "Access-Control-Allow-Methods: OPTIONS, GET, POST\r\n";
634+
<< "Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept,X-Trace-Verbosity,X-Want-Trace\r\n"
635+
<< "Access-Control-Allow-Methods: OPTIONS, GET, POST, DELETE\r\n"
636+
<< "Allow: OPTIONS, GET, POST, DELETE\r\n";
657637
}
658638
}
659639

0 commit comments

Comments
 (0)