-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable CORS settings on OTLP HTTP endpoint #4586
Conversation
@yurishkuro , had to close the previous PR, had signed off commits that were not authored by me. I will make the updates on this PR. Sorry for the inconvinience. |
That's fine, but please refer to comments on the old PR |
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## main #4586 +/- ##
==========================================
+ Coverage 97.03% 97.05% +0.02%
==========================================
Files 301 302 +1
Lines 17839 17853 +14
==========================================
+ Hits 17310 17328 +18
+ Misses 424 421 -3
+ Partials 105 104 -1
Flags with carried forward coverage won't be shown. Click here to find out more.
☔ View full report in Codecov by Sentry. |
@yurishkuro , have added tests and since you had pointed out about the backward compatibility with Zipkin endpoint, fixed that. |
please run |
cmd/collector/app/server/zipkin.go
Outdated
origins := strings.Split(strings.ReplaceAll(params.AllowedOrigins, " ", ""), ",") | ||
headers := strings.Split(strings.ReplaceAll(params.AllowedHeaders, " ", ""), ",") | ||
allowedOrigins := strings.Split(strings.ReplaceAll(params.CORSConfig.AllowedOrigins, " ", ""), ",") | ||
allowedHeaders := strings.Split(strings.ReplaceAll(params.CORSConfig.AllowedHeaders, " ", ""), ",") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this can be done once in corscfg/flags when parsing from Viper
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done!
pkg/config/corscfg/flags.go
Outdated
} | ||
|
||
func (c Flags) AddFlags(flags *flag.FlagSet) { | ||
flags.String(c.Prefix+corsAllowedHeaders, "content-type", "Allowed headers for the HTTP port , default content-type") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
flags.String(c.Prefix+corsAllowedHeaders, "content-type", "Allowed headers for the HTTP port , default content-type") | |
flags.String(c.Prefix+corsAllowedHeaders, "content-type", "Comma-separated CORS allowed headers. Cf. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers") |
pkg/config/corscfg/flags_test.go
Outdated
v := viper.New() | ||
command := cobra.Command{} | ||
flagSet := &flag.FlagSet{} | ||
flagCfg := Flags{ | ||
Prefix: "prefix", | ||
} | ||
flagCfg.AddFlags(flagSet) | ||
command.PersistentFlags().AddGoFlagSet(flagSet) | ||
v.BindPFlags(command.PersistentFlags()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use Viperize
, e.g.
jaeger/cmd/query/app/flags_test.go
Line 35 in 587fb74
v, command := config.Viperize(AddFlags) |
almost done. Please make sure all commits are signed, see CONTRIBUTING |
477c439
to
cd33dce
Compare
Even after signing off previous commits, the DCO check doesnt seem to pass. i.e if I signoff the previous commit, it creates a new commit hash and the previous commit stays on the branch. Is there an alternate strategy you have for this @yurishkuro ? |
See CONTRIBUTING_GUIDELINES.md for how to deal with unsigned commits |
Signed-off-by: bugslayer-332 <[email protected]>
cd33dce
to
cf3b55e
Compare
Done, @yurishkuro should I change the default value of Allowed origins to nil ? Previously with Zipkin endpoint , * was the default value , so I had set that. But as you said, that doesnt seem right. |
Yes, I would change the default to |
Yes, we could do that. I checked the implementation of CORS in the confighttp.ServerSettings, they also seem to use cors.New to configure cors. This sets the default value for Origins being All, and Headers being the sensible ones. Should we prompt the user in the usage string regarding the same ? |
can you elaborate or point to code? |
If we absoutely dont want any CORS, we can do that. But if we set the value to "" in the cors flags default string, then here are the default values for them https://github.com/rs/cors/blob/e90f167479505c4dbe1161306c3c977f162c1442/cors.go#L136 |
what about OTEL receiver? If it's CORS struct is empty, does it still install a CORS handler, with said defaults? I am ok with going with blank defaults (which for Oorigins seems equivalent to current |
It doesnt. It does allow default value for Allowed headers if Allowed origins is specified. Else it does not install CORS handler at all. |
Let's just go with blank defaults and not over-complicate the logic. Sounds like doing so will be backwards compatible with both Zipkin and OTEL endpoints. |
Alright! |
Signed-off-by: bugslayer-332 <[email protected]>
Signed-off-by: bugslayer-332 <[email protected]>
Thanks! |
@pmuls99 While scrolling issues tab for CORS solution, I came across this PR. I have been strruggling in configuring/ disabling cors for OTEL's http receiver endpoint on port 4318. I'm getting below error on latest all-in-one build: Access to XMLHttpRequest at 'http://localhost:4318/v1/traces' from origin 'https://localhost:5173' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. I did try configuring over yaml, env and cli option for the flag: --collector.otlp.http.cors.allowed-origins While the same port 4318 is working fine for sending otel traces from nodejs backend service, however same fails from browser application on the same endpoint http://localhost:4318/v1/traces. Any help or direction what is going wrong or anything that I'm missing in configuring it. Thanks in Advance. |
@vikashpisces , is your nodejs backend hosted somewhere and not running on the local host? |
@pmuls99 Never mind, I was only passing allowed_origins and it did'nt work. I had to add allowed_headers as well and it worked, not sure why. Ideally Access-Control-Allow-Origin header should have been added without allowed_headers being not there. |
@vikashpisces please post the full command that worked for you so that it's easier for people to reuse when someone comes across this |
This worked for me: jaeger-all-in-one \
--collector.otlp.http.cors.allowed-origins https://my.origin \
--collector.otlp.http.cors.allowed-headers '*' \
--collector.otlp.http.tls.enabled \
--collector.otlp.http.tls.cert jaeger.crt \
--collector.otlp.http.tls.key jaeger.key This didn't. jaeger-all-in-one \
--collector.otlp.http.cors.allowed-origins https://my.origin \
--collector.otlp.http.tls.enabled \
--collector.otlp.http.tls.cert jaeger.crt \
--collector.otlp.http.tls.key jaeger.key The TLS stuff is probably only necessary for setups like mine that have the root page served over HTTPS. |
Which problem is this PR solving?
Short description of the changes