Add CORS headers to API-like routes

2025-11-21 23:00:50 +03:00 · 2022-04-07 16:25:42 +02:00
parent b43817e66c
commit bc24e30867
8 changed files with 86 additions and 21 deletions
--- a/crates/http/src/ext.rs
+++ b/crates/http/src/ext.rs
@@ -12,8 +12,53 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

+use http::header::HeaderName;
+use once_cell::sync::OnceCell;
+use tower_http::cors::CorsLayer;
+
 use crate::layers::json::Json;

+static PROPAGATOR_HEADERS: OnceCell<Vec<HeaderName>> = OnceCell::new();
+
+/// Notify the CORS layer what opentelemetry propagators are being used. This
+/// helps whitelisting headers in CORS requests.
+///
+/// # Panics
+///
+/// When called twice
+pub fn set_propagator(propagator: &dyn opentelemetry::propagation::TextMapPropagator) {
+    let headers = propagator
+        .fields()
+        .map(|h| HeaderName::try_from(h).unwrap())
+        .collect();
+
+    tracing::debug!(
+        ?headers,
+        "Headers allowed in CORS requests for trace propagators set"
+    );
+    PROPAGATOR_HEADERS
+        .set(headers)
+        .expect(concat!(module_path!(), "::set_propagator was called twice"));
+}
+
+pub trait CorsLayerExt {
+    #[must_use]
+    fn allow_otel_headers<H>(self, headers: H) -> Self
+    where
+        H: IntoIterator<Item = HeaderName>;
+}
+
+impl CorsLayerExt for CorsLayer {
+    fn allow_otel_headers<H>(self, headers: H) -> Self
+    where
+        H: IntoIterator<Item = HeaderName>,
+    {
+        let base = PROPAGATOR_HEADERS.get().cloned().unwrap_or_default();
+        let headers: Vec<_> = headers.into_iter().chain(base.into_iter()).collect();
+        self.allow_headers(headers)
+    }
+}
+
 pub trait ServiceExt: Sized {
    fn json<T>(self) -> Json<Self, T>;
 }