Add CORS headers to API-like routes

crates/http/src/ext.rs

@@ -12,8 +12,53 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use http::header::HeaderName;
+use once_cell::sync::OnceCell;
+use tower_http::cors::CorsLayer;
+
 use crate::layers::json::Json;
 
+static PROPAGATOR_HEADERS: OnceCell<Vec<HeaderName>> = OnceCell::new();
+
+/// Notify the CORS layer what opentelemetry propagators are being used. This
+/// helps whitelisting headers in CORS requests.
+///
+/// # Panics
+///
+/// When called twice
+pub fn set_propagator(propagator: &dyn opentelemetry::propagation::TextMapPropagator) {
+    let headers = propagator
+        .fields()
+        .map(|h| HeaderName::try_from(h).unwrap())
+        .collect();
+
+    tracing::debug!(
+        ?headers,
+        "Headers allowed in CORS requests for trace propagators set"
+    );
+    PROPAGATOR_HEADERS
+        .set(headers)
+        .expect(concat!(module_path!(), "::set_propagator was called twice"));
+}
+
+pub trait CorsLayerExt {
+    #[must_use]
+    fn allow_otel_headers<H>(self, headers: H) -> Self
+    where
+        H: IntoIterator<Item = HeaderName>;
+}
+
+impl CorsLayerExt for CorsLayer {
+    fn allow_otel_headers<H>(self, headers: H) -> Self
+    where
+        H: IntoIterator<Item = HeaderName>,
+    {
+        let base = PROPAGATOR_HEADERS.get().cloned().unwrap_or_default();
+        let headers: Vec<_> = headers.into_iter().chain(base.into_iter()).collect();
+        self.allow_headers(headers)
+    }
+}
+
 pub trait ServiceExt: Sized {
     fn json<T>(self) -> Json<Self, T>;
 }

crates/http/src/lib.rs

@@ -47,7 +47,7 @@ mod future_service;
 mod layers;
 
 pub use self::{
-    ext::ServiceExt as HttpServiceExt,
+    ext::{set_propagator, CorsLayerExt, ServiceExt as HttpServiceExt},
     future_service::FutureService,
     layers::{client::ClientLayer, json::JsonResponseLayer, otel, server::ServerLayer},
 };