Add cors_allowed_headers option to confighttp

open-telemetry · Feb 11, 2021 · 4daf016 · 4daf016
1 parent 9de6dd7
commit 4daf016
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 9 deletions.
diff --git a/config/confighttp/README.md b/config/confighttp/README.md
@@ -36,9 +36,12 @@ exporter:
 [Receivers](https://github.com/open-telemetry/opentelemetry-collector/blob/main/receiver/README.md)
 leverage server configuration.
 
-- [`cors_allowed_origins`](https://github.com/rs/cors): An empty list means
-  that CORS is not enabled at all. A wildcard can be used to match any origin
-  or one or more characters of an origin.
+- [`cors_allowed_origins`](https://github.com/rs/cors): An empty list here and
+  in `cors_allowed_headers` means that CORS is not enabled at all. 
+  A wildcard can be used to match any origin or one or more characters of an origin.
+- [`cors_allowed_headers`](https://github.com/rs/cors): An empty list here and 
+  in `cors_allowed_origins` means that CORS is not enabled at all. 
+  A wildcard can be used to match any header or one or more characters in the header.
 - `endpoint`: Valid value syntax available [here](https://github.com/grpc/grpc/blob/master/doc/naming.md)
 - [`tls_settings`](../configtls/README.md)
 
@@ -50,6 +53,8 @@ receivers:
     cors_allowed_origins:
     - https://foo.bar.com
     - https://*.test.com
+    cors_allowed_headers:
+    - ExampleHeader
     endpoint: 0.0.0.0:55690
     protocols:
       http:

diff --git a/config/confighttp/confighttp.go b/config/confighttp/confighttp.go
@@ -111,9 +111,15 @@ type HTTPServerSettings struct {
 
 	// CorsOrigins are the allowed CORS origins for HTTP/JSON requests to grpc-gateway adapter
 	// for the OTLP receiver. See github.com/rs/cors
-	// An empty list means that CORS is not enabled at all. A wildcard (*) can be
-	// used to match any origin or one or more characters of an origin.
+	// An empty CorsOrigins and CorsHeaders means that CORS is not enabled at all.
+	// A wildcard (*) can be used to match any origin or one or more characters of an origin.
 	CorsOrigins []string `mapstructure:"cors_allowed_origins"`
+
+	// CorsHeaders are the allowed CORS headers for HTTP/JSON requests to grpc-gateway adapter
+	// for the OTLP receiver. See github.com/rs/cors
+	// An empty CorsOrigins and CorsHeaders means that CORS is not enabled at all.
+	// A wildcard (*) can be used to match any header or one or more characters of a header.
+	CorsHeaders []string `mapstructure:"cors_allowed_headers"`
 }
 
 func (hss *HTTPServerSettings) ToListener() (net.Listener, error) {
@@ -154,8 +160,8 @@ func (hss *HTTPServerSettings) ToServer(handler http.Handler, opts ...ToServerOp
 	for _, o := range opts {
 		o(serverOpts)
 	}
-	if len(hss.CorsOrigins) > 0 {
-		co := cors.Options{AllowedOrigins: hss.CorsOrigins}
+	if len(hss.CorsOrigins) > 0 || len(hss.CorsHeaders) > 0 {
+		co := cors.Options{AllowedOrigins: hss.CorsOrigins, AllowedHeaders: hss.CorsHeaders}
 		handler = cors.New(co).Handler(handler)
 	}
 	handler = middleware.HTTPContentDecompressor(

diff --git a/receiver/otlpreceiver/README.md b/receiver/otlpreceiver/README.md
@@ -52,7 +52,8 @@ port is `55681`.
 
 The HTTP/JSON endpoint can also optionally configure
 [CORS](https://fetch.spec.whatwg.org/#cors-protocol), which is enabled by
-specifying a list of allowed CORS origins in the `cors_allowed_origins` field:
+specifying a list of allowed CORS origins in the `cors_allowed_origins` and/or
+`cors_allowed_headers` fields:
 
 ```yaml
 receivers:
@@ -64,4 +65,6 @@ receivers:
         - http://test.com
         # Origins can have wildcards with *, use * by itself to match any origin.
         - https://*.example.com
+        cors_allowed_headers:
+        - TestHeader
 ```
diff --git a/receiver/otlpreceiver/config_test.go b/receiver/otlpreceiver/config_test.go
@@ -42,7 +42,7 @@ func TestLoadConfig(t *testing.T) {
 	require.NoError(t, err)
 	require.NotNil(t, cfg)
 
-	assert.Equal(t, len(cfg.Receivers), 9)
+	assert.Equal(t, len(cfg.Receivers), 10)
 
 	assert.Equal(t, cfg.Receivers["otlp"], factory.CreateDefaultConfig())
 
@@ -176,6 +176,20 @@ func TestLoadConfig(t *testing.T) {
 			},
 		})
 
+	assert.Equal(t, cfg.Receivers["otlp/corsheader"],
+		&Config{
+			ReceiverSettings: configmodels.ReceiverSettings{
+				TypeVal: typeStr,
+				NameVal: "otlp/corsheader",
+			},
+			Protocols: Protocols{
+				HTTP: &confighttp.HTTPServerSettings{
+					Endpoint:    "0.0.0.0:55681",
+					CorsHeaders: []string{"ExampleHeader"},
+				},
+			},
+		})
+
 	assert.Equal(t, cfg.Receivers["otlp/uds"],
 		&Config{
 			ReceiverSettings: configmodels.ReceiverSettings{

diff --git a/receiver/otlpreceiver/testdata/config.yaml b/receiver/otlpreceiver/testdata/config.yaml
@@ -78,6 +78,12 @@ receivers:
         cors_allowed_origins:
         - https://*.test.com # Wildcard subdomain. Allows domains like https://www.test.com and https://foo.test.com but not https://wwwtest.com.
         - https://test.com # Fully qualified domain name. Allows https://test.com only.
+  # The following entry demonstrates how to use CORS Header configuration.
+  otlp/corsheader:
+    protocols:
+      http:
+        cors_allowed_headers:
+          - ExampleHeader
 processors:
   exampleprocessor: