Fix a bug that CORS headers are missing in some HTTP responses

[FrankChen021]

Changelog category (leave one):

• Bug Fix (user-visible misbehavior in official stable or prestable release)

Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):

Fix a bug that CORS headers are missing in some HTTP responses

Description

In current implementation, for HTTP POST requests, CORS headers are added after user authentication. If the authentication fails, the returned HTTP response has no CORS headers. This leads some front-end libs, such as axios, fail to process the response - they can't even get the http status nor the error message because the missed headers block them to do so.

To make the front-end projects correctly handle such 403 exceptions or in case of any exception raised before CORS headers are added, we need to make some adjustment to current CORS handling, that is adding these headers before a query is processed.

BTW, there is a very old setting add_http_cors_header, this setting does not work if the authentication fails. The contradiction is we can only get the user setting after the authentication but the CORS processing requires us to add headers before any processing.

Link to #29155 for better understanding.

[FrankChen021]

Looks like the failures in CI are not relevant to these changes.

[FrankChen021]

Hello @yakov-olkhovskiy Can this be merged?

[yakov-olkhovskiy]

@FrankChen021 sure, but let me rerun integration test

[FrankChen021]

Thanks you @yakov-olkhovskiy for the review.

[isublimity]

After this fix, Tabix can`t send GET query to CH server, because it cannot pass the ORIGIN header.

If code like this, i think tabix work fine

if (settings.add_http_cors_header ||  ( !request.get("Origin", "").empty() && !config.has("http_options_response")))