Skip to content

Commit

Permalink
Add cors_allowed_headers option to confighttp
Browse files Browse the repository at this point in the history
  • Loading branch information
pmm-sumo committed Feb 10, 2021
1 parent 88ab1a6 commit bd6259d
Show file tree
Hide file tree
Showing 5 changed files with 43 additions and 9 deletions.
11 changes: 8 additions & 3 deletions config/confighttp/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,9 +36,12 @@ exporter:
[Receivers](https://github.com/open-telemetry/opentelemetry-collector/blob/main/receiver/README.md)
leverage server configuration.
- [`cors_allowed_origins`](https://github.com/rs/cors): An empty list means
that CORS is not enabled at all. A wildcard can be used to match any origin
or one or more characters of an origin.
- [`cors_allowed_origins`](https://github.com/rs/cors): An empty list here and
in `cors_allowed_headers` means that CORS is not enabled at all.
A wildcard can be used to match any origin or one or more characters of an origin.
- [`cors_allowed_headers`](https://github.com/rs/cors): An empty list here and
in `cors_allowed_origins` means that CORS is not enabled at all.
A wildcard can be used to match any header or one or more characters in the header.
- `endpoint`: Valid value syntax available [here](https://github.com/grpc/grpc/blob/master/doc/naming.md)
- [`tls_settings`](../configtls/README.md)

Expand All @@ -50,6 +53,8 @@ receivers:
cors_allowed_origins:
- https://foo.bar.com
- https://*.test.com
cors_allowed_headers:
- ExampleHeader
endpoint: 0.0.0.0:55690
protocols:
http:
Expand Down
14 changes: 10 additions & 4 deletions config/confighttp/confighttp.go
Original file line number Diff line number Diff line change
Expand Up @@ -111,9 +111,15 @@ type HTTPServerSettings struct {

// CorsOrigins are the allowed CORS origins for HTTP/JSON requests to grpc-gateway adapter
// for the OTLP receiver. See github.com/rs/cors
// An empty list means that CORS is not enabled at all. A wildcard (*) can be
// used to match any origin or one or more characters of an origin.
// An empty CorsOrigins and CorsHeaders means that CORS is not enabled at all.
// A wildcard (*) can be used to match any origin or one or more characters of an origin.
CorsOrigins []string `mapstructure:"cors_allowed_origins"`

// CorsHeaders are the allowed CORS headers for HTTP/JSON requests to grpc-gateway adapter
// for the OTLP receiver. See github.com/rs/cors
// An empty CorsOrigins and CorsHeaders means that CORS is not enabled at all.
// A wildcard (*) can be used to match any header or one or more characters of a header.
CorsHeaders []string `mapstructure:"cors_allowed_headers"`
}

func (hss *HTTPServerSettings) ToListener() (net.Listener, error) {
Expand Down Expand Up @@ -154,8 +160,8 @@ func (hss *HTTPServerSettings) ToServer(handler http.Handler, opts ...ToServerOp
for _, o := range opts {
o(serverOpts)
}
if len(hss.CorsOrigins) > 0 {
co := cors.Options{AllowedOrigins: hss.CorsOrigins}
if len(hss.CorsOrigins) > 0 || len(hss.CorsHeaders) > 0 {
co := cors.Options{AllowedOrigins: hss.CorsOrigins, AllowedHeaders: hss.CorsHeaders}
handler = cors.New(co).Handler(handler)
}
handler = middleware.HTTPContentDecompressor(
Expand Down
5 changes: 4 additions & 1 deletion receiver/otlpreceiver/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,8 @@ port is `55681`.

The HTTP/JSON endpoint can also optionally configure
[CORS](https://fetch.spec.whatwg.org/#cors-protocol), which is enabled by
specifying a list of allowed CORS origins in the `cors_allowed_origins` field:
specifying a list of allowed CORS origins in the `cors_allowed_origins` and/or
`cors_allowed_headers` fields:

```yaml
receivers:
Expand All @@ -64,4 +65,6 @@ receivers:
- http://test.com
# Origins can have wildcards with *, use * by itself to match any origin.
- https://*.example.com
cors_allowed_headers:
- TestHeader
```
16 changes: 15 additions & 1 deletion receiver/otlpreceiver/config_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ func TestLoadConfig(t *testing.T) {
require.NoError(t, err)
require.NotNil(t, cfg)

assert.Equal(t, len(cfg.Receivers), 9)
assert.Equal(t, len(cfg.Receivers), 10)

assert.Equal(t, cfg.Receivers["otlp"], factory.CreateDefaultConfig())

Expand Down Expand Up @@ -176,6 +176,20 @@ func TestLoadConfig(t *testing.T) {
},
})

assert.Equal(t, cfg.Receivers["otlp/corsheader"],
&Config{
ReceiverSettings: configmodels.ReceiverSettings{
TypeVal: typeStr,
NameVal: "otlp/corsheader",
},
Protocols: Protocols{
HTTP: &confighttp.HTTPServerSettings{
Endpoint: "0.0.0.0:55681",
CorsHeaders: []string{"ExampleHeader"},
},
},
})

assert.Equal(t, cfg.Receivers["otlp/uds"],
&Config{
ReceiverSettings: configmodels.ReceiverSettings{
Expand Down
6 changes: 6 additions & 0 deletions receiver/otlpreceiver/testdata/config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,12 @@ receivers:
cors_allowed_origins:
- https://*.test.com # Wildcard subdomain. Allows domains like https://www.test.com and https://foo.test.com but not https://wwwtest.com.
- https://test.com # Fully qualified domain name. Allows https://test.com only.
# The following entry demonstrates how to use CORS Header configuration.
otlp/corsheader:
protocols:
http:
cors_allowed_headers:
- ExampleHeader
processors:
exampleprocessor:

Expand Down

0 comments on commit bd6259d

Please sign in to comment.