allow tracing headers for whoami CORS

quisido · Apr 22, 2024 · df35271 · df35271
1 parent 76ea0d6
commit df35271
Show file tree

Hide file tree

Showing 7 changed files with 44 additions and 36 deletions.
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
@@ -6,7 +6,6 @@
     "github.vscode-github-actions",
     "mariusschulz.yarn-lock-syntax",
     "redhat.vscode-yaml",
-    "tamasfe.even-better-toml",
-    "tomoki1207.pdf"
+    "tamasfe.even-better-toml"
   ]
 }
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -2,9 +2,9 @@
   "version": "0.2.0",
   "configurations": [
     {
-      "name": "Start",
+      "name": "Development server",
       "request": "launch",
-      "runtimeArgs": ["run", "start"],
+      "runtimeArgs": ["run", "quisido"],
       "runtimeExecutable": "yarn",
       "type": "node",
       "skipFiles": [

diff --git a/packages/next/package.json b/packages/next/package.json
@@ -83,7 +83,7 @@
     "react-datadog": "workspace:^",
     "react-dom": "^18.2.0",
     "react-innertext": "^1.1.5",
-    "recharts": "^2.12.5",
+    "recharts": "^2.12.6",
     "relative-timestamp": "^1.0.0",
     "sentry-react": "workspace:^",
     "sharp": "^0.33.3",

diff --git a/packages/whoami/src/constants/headers-init.ts b/packages/whoami/src/constants/headers-init.ts
@@ -0,0 +1,7 @@
+export const HEADERS_INIT: HeadersInit = {
+  'Access-Control-Allow-Credentials': 'true',
+  'Access-Control-Allow-Headers': 'Baggage, Sentry-Trace',
+  'Access-Control-Allow-Methods': 'GET, OPTIONS',
+  'Access-Control-Allow-Origin': 'quisi.do',
+  Allow: 'GET, OPTIONS',
+};
diff --git a/packages/whoami/src/constants/responses.ts b/packages/whoami/src/constants/responses.ts
@@ -7,30 +7,33 @@
  *   be-performed-while-handling-a-request-3bne
  */
 
+import { HEADERS_INIT } from "./headers-init.js";
+
+const CACHE_HEADERS_INIT: HeadersInit = {
+  'Access-Control-Max-Age': '31536000',
+  'Cache-Control': 'immutable, max-age=31536000, public',
+};
+
 export const FAVICON_RESPONSE_BODY: BodyInit =
   '%00%00%01%00%01%00%01%01%00%00%01%00%20%000%00%00%00%16%00%00%00(%00%00%00%01%00%00%00%02%00%00%00%01%00%20%00%00%00%00%00%08%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00';
 
 export const FAVICON_RESPONSE_INIT: ResponseInit = {
   status: 200,
+
   headers: new Headers({
-    'Access-Control-Allow-Headers': 'Authorization',
-    'Access-Control-Allow-Methods': 'GET, OPTIONS',
-    'Access-Control-Max-Age': '31536000',
-    Allow: 'GET, OPTIONS',
-    'Cache-Control': 'immutable, max-age=31536000, public',
+    ...HEADERS_INIT,
+    ...CACHE_HEADERS_INIT,
     'Content-Type': 'image/x-icon; charset=utf-8',
   }),
 };
 
 export const ROBOTS_RESPONSE_BODY: BodyInit = 'Disallow: *';
 export const ROBOTS_RESPONSE_INIT: ResponseInit = {
   status: 200,
+
   headers: new Headers({
-    'Access-Control-Allow-Headers': 'Authorization',
-    'Access-Control-Allow-Methods': 'GET, OPTIONS',
-    'Access-Control-Max-Age': '31536000',
-    Allow: 'GET, OPTIONS',
-    'Cache-Control': 'immutable, max-age=31536000, public',
+    ...HEADERS_INIT,
+    ...CACHE_HEADERS_INIT,
     'Content-Type': 'text/plain; charset=utf-8',
   }),
 };
diff --git a/packages/whoami/src/features/fetch.ts b/packages/whoami/src/features/fetch.ts
@@ -1,4 +1,5 @@
 /// <reference types="@cloudflare/workers-types" />
+import { HEADERS_INIT } from '../constants/headers-init.js';
 import ResponseCode from '../constants/response-code.js';
 import {
   FAVICON_RESPONSE_BODY,
@@ -22,11 +23,9 @@ import mapHeadersToCookies from '../utils/map-headers-to-cookies.js';
 const authnIdIdMap: Map<string, string> = new Map();
 const BASE = 10;
 const throttleCacheMiss = createThrottler();
-const HEADERS_INIT: HeadersInit = {
-  'Access-Control-Allow-Credentials': 'true',
-  'Access-Control-Allow-Methods': 'GET, OPTIONS',
-  'Access-Control-Allow-Origin': 'quisi.do',
-  Allow: 'GET, OPTIONS',
+
+const JSON_HEADERS_INIT: HeadersInit = {
+  ...HEADERS_INIT,
   'Content-Type': 'text/json; charset=utf-8',
 };
 
@@ -54,7 +53,7 @@ export default (async function fetch(
         message: 'A cookie domain was not specified.',
       }),
       {
-        headers: new Headers(HEADERS_INIT),
+        headers: new Headers(JSON_HEADERS_INIT),
         status: StatusCode.InternalServerError,
       },
     );
@@ -65,7 +64,7 @@ export default (async function fetch(
   }`;
 
   const headers: Headers = new Headers({
-    ...HEADERS_INIT,
+    ...JSON_HEADERS_INIT,
     'Access-Control-Allow-Origin': ACCESS_CONTROL_ALLOW_ORIGIN,
   });
 

diff --git a/yarn.lock b/yarn.lock
@@ -5129,7 +5129,7 @@ __metadata:
     react-datadog: "workspace:^"
     react-dom: "npm:^18.2.0"
     react-innertext: "npm:^1.1.5"
-    recharts: "npm:^2.12.5"
+    recharts: "npm:^2.12.6"
     relative-timestamp: "npm:^1.0.0"
     sass: "npm:^1.75.0"
     sentry-react: "workspace:^"
@@ -8614,9 +8614,9 @@ __metadata:
   linkType: hard
 
 "caniuse-lite@npm:^1.0.30001579, caniuse-lite@npm:^1.0.30001587, caniuse-lite@npm:^1.0.30001599":
-  version: 1.0.30001611
-  resolution: "caniuse-lite@npm:1.0.30001611"
-  checksum: 10c0/e6d6549a42b811212f6c4ef2798c45ab5a19484aaee0fa550ec20632a49638d3e53b64e088664d2efab0c5a278d1f8d1dec4654fbce11194e6ec1dc4ba5df466
+  version: 1.0.30001612
+  resolution: "caniuse-lite@npm:1.0.30001612"
+  checksum: 10c0/d6b405ff06f4e913bc779f9183fa68001c9d6b8526a7dd1b99c60587dd21a01aa8def3d8462cf6214f0181f1c21b9245611ff65241cf9c967fc742e86ece5065
   languageName: node
   linkType: hard
 
@@ -15095,9 +15095,9 @@ __metadata:
   linkType: soft
 
 "nwsapi@npm:^2.2.2":
-  version: 2.2.8
-  resolution: "nwsapi@npm:2.2.8"
-  checksum: 10c0/3f99a09547a704334d7b85b0de0db36f761d8c880d3f50d43cddfe93368bb9ce86879650dac84510b69b8eb94c2f513d6991a9e576013510a6cb5395ff498dcb
+  version: 2.2.9
+  resolution: "nwsapi@npm:2.2.9"
+  checksum: 10c0/e6ebbaedf44d1c1e13f7193e5129c8da1b2e8064862b70458ab9bd9e9640b8ad035a0e48d509e787527ecdddea74d5a02798420cd971264a4e03c2b173fadac8
   languageName: node
   linkType: hard
 
@@ -16267,9 +16267,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"recharts@npm:^2.12.5":
-  version: 2.12.5
-  resolution: "recharts@npm:2.12.5"
+"recharts@npm:^2.12.6":
+  version: 2.12.6
+  resolution: "recharts@npm:2.12.6"
   dependencies:
     clsx: "npm:^2.0.0"
     eventemitter3: "npm:^4.0.1"
@@ -16282,7 +16282,7 @@ __metadata:
   peerDependencies:
     react: ^16.0.0 || ^17.0.0 || ^18.0.0
     react-dom: ^16.0.0 || ^17.0.0 || ^18.0.0
-  checksum: 10c0/7bf7df9b7aa927cc3eacf1a37d261f47319321fd62bfcef6c7cfead8c2cf3198a27779672c5dd61c14ac46031efe7bfd3c2a7d854c68f527ebf1c277bb87f142
+  checksum: 10c0/df21d5e7c33d8dc341a9186b414169b49deb1bceb73d0a265d3ef58791555680d2ed6b0fcaa88c2ebb3d12b5f3ee5f25c23e76bcc934a226127af9d5dd99ab3a
   languageName: node
   linkType: hard
 
@@ -19344,9 +19344,9 @@ __metadata:
   linkType: hard
 
 "zod@npm:^3.20.6":
-  version: 3.22.5
-  resolution: "zod@npm:3.22.5"
-  checksum: 10c0/efa969e9c0a836e4c299ff86f6db7ccf5e14c5349586694e999b7beb53fcc797b9292bc3179b0b5f43e42bcc4ae184bf202fde3f28694bf9fb8b567779c2e12b
+  version: 3.23.0
+  resolution: "zod@npm:3.23.0"
+  checksum: 10c0/9678cc8bb4943b05145015430d730cae31564489816854cac23718344ffc26855b33e6744c948dd7906acb337108d9881298de4851ceaa290425222827492568
   languageName: node
   linkType: hard