Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

4.x CORS configuration ignored for automatically-discovered Helidon-provided services (health, metrics) #8026

Closed
tjquinno opened this issue Nov 17, 2023 · 0 comments · Fixed by #8212
Closed

4.x CORS configuration ignored for automatically-discovered Helidon-provided services (health, metrics) #8026

tjquinno opened this issue Nov 17, 2023 · 0 comments · Fixed by #8212
Assignees
@tjquinno
Labels
4.x Version 4.x bug Something isn't working cors Related to CORS support docs P2
Projects
Backlog
Milestone
4.0.3

Comments

@tjquinno
Copy link
Member

tjquinno commented Nov 17, 2023
edited

Environment Details

  • Helidon Version: 4.0.0
  • Helidon SE or Helidon MP
  • JDK version:
  • OS:
  • Docker version (if applicable):

Problem Description

The Helidon-provided services (OpenAPI, metrics, health...maybe new observers as well??) should--and are documented as--supporting CORS via configuration.

But seemingly the service-specific configuration is ignored.

This could be related to #8024 as opposed to something specific to the built-in services, but double-checking the built-in service support for CORS merits its own issue.

This could be a side-effect of converting metrics and health to observers that are discovered implicitly. In 3.x the doc showed how to construct the HealthSupport or MetricsSupport instance and also provide the CORS settings as the services were added to the routing.

Steps to reproduce

  1. Start with the SE CORS example (because it already has the CORS-related dependencies).
  2. Add the following to application.yaml (as described in our CORS documentation): 
    health:
  cors:
    allow-origins: ["http://here.com"]
    allow-methods: ["GET", "HEAD"]
  3. Build and start the server.
  4. Run curl -i -H "Origin: http://bad.com" -H "Host: localhost:8080" http://localhost:8080/observe/health which should be rejected (bad.com is not one of the allowed origins) but the server returns the normal health response of 204.
@tjquinno tjquinno added cors Related to CORS support 4.x Version 4.x labels Nov 17, 2023
@tjquinno tjquinno added this to Triage in Backlog via automation Nov 17, 2023
@barchetta barchetta added bug Something isn't working P2 docs labels Dec 18, 2023
@barchetta barchetta moved this from Triage to Normal priority in Backlog Dec 18, 2023
@barchetta barchetta added this to the 4.0.3 milestone Dec 18, 2023
@tjquinno tjquinno moved this from Normal priority to Sprint Scope in Backlog Jan 8, 2024
@tjquinno tjquinno mentioned this issue Jan 8, 2024
Merged
Backlog automation moved this from Sprint Scope to Closed Jan 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tjquinno tjquinno

Labels
4.x Version 4.x bug Something isn't working cors Related to CORS support docs P2
Projects
Backlog
  
Closed
Milestone
4.0.3
Development

Successfully merging a pull request may close this issue.

Add a little logic to CORS config processing and significantly update the CORS doc tjquinno/helidon
2 participants
@barchetta @tjquinno