Merge pull request #733 from oasisprotocol/andrew7234/always-use-cors

always enable cors middleware, even on failing requests
oasisprotocol · Aug 2, 2024 · 78bbdbb · 78bbdbb
2 parents 13805ba + d6abf3d
commit 78bbdbb
Show file tree

Hide file tree

Showing 10 changed files with 12 additions and 1 deletion.
diff --git a/.changelog/733.trivial.md b/.changelog/733.trivial.md
@@ -0,0 +1 @@
+api: always enable cors
diff --git a/cmd/api/api.go b/cmd/api/api.go
@@ -183,11 +183,13 @@ func (s *Service) Start() {
 			BaseURL: v1BaseURL,
 			Middlewares: []apiTypes.MiddlewareFunc{
 				api.RuntimeFromURLMiddleware(v1BaseURL),
-				api.CorsMiddleware,
 			},
 			BaseRouter:       baseRouter,
 			ErrorHandlerFunc: api.HumanReadableJsonErrorHandler,
 		})
+	// Manually apply the CORS middleware; we want it to run always.
+	// HandlerWithOptions() above does not apply it to some requests (404 URLs, requests with bad params, etc.).
+	handler = api.CorsMiddleware(handler)
 	// Manually apply the metrics middleware; we want it to run always, and at the outermost layer.
 	// HandlerWithOptions() above does not apply it to some requests (404 URLs, requests with bad params, etc.).
 	handler = api.MetricsMiddleware(metrics.NewDefaultRequestMetrics(moduleName), *s.logger)(handler)

diff --git a/tests/e2e_regression/damask/expected/bad_account.headers b/tests/e2e_regression/damask/expected/bad_account.headers
@@ -1,5 +1,6 @@
 HTTP/1.1 400 Bad Request
 Content-Type: application/json; charset=utf-8
+Vary: Origin
 X-Content-Type-Options: nosniff
 Date: UNINTERESTING
 Content-Length: UNINTERESTING

diff --git a/tests/e2e_regression/damask/expected/bad_node.headers b/tests/e2e_regression/damask/expected/bad_node.headers
@@ -1,5 +1,6 @@
 HTTP/1.1 400 Bad Request
 Content-Type: application/json; charset=utf-8
+Vary: Origin
 X-Content-Type-Options: nosniff
 Date: UNINTERESTING
 Content-Length: UNINTERESTING

diff --git a/tests/e2e_regression/damask/expected/spec.headers b/tests/e2e_regression/damask/expected/spec.headers
@@ -3,5 +3,6 @@ Accept-Ranges: bytes
 Content-Length: UNINTERESTING
 Content-Type: application/x-yaml
 Last-Modified: UNINTERESTING
+Vary: Origin
 Date: UNINTERESTING
 
diff --git a/tests/e2e_regression/damask/expected/trailing_slash.headers b/tests/e2e_regression/damask/expected/trailing_slash.headers
@@ -1,5 +1,6 @@
 HTTP/1.1 404 Not Found
 Content-Type: text/plain; charset=utf-8
+Vary: Origin
 X-Content-Type-Options: nosniff
 Date: UNINTERESTING
 Content-Length: UNINTERESTING

diff --git a/tests/e2e_regression/eden/expected/bad_account.headers b/tests/e2e_regression/eden/expected/bad_account.headers
@@ -1,5 +1,6 @@
 HTTP/1.1 400 Bad Request
 Content-Type: application/json; charset=utf-8
+Vary: Origin
 X-Content-Type-Options: nosniff
 Date: UNINTERESTING
 Content-Length: UNINTERESTING

diff --git a/tests/e2e_regression/eden/expected/bad_node.headers b/tests/e2e_regression/eden/expected/bad_node.headers
@@ -1,5 +1,6 @@
 HTTP/1.1 400 Bad Request
 Content-Type: application/json; charset=utf-8
+Vary: Origin
 X-Content-Type-Options: nosniff
 Date: UNINTERESTING
 Content-Length: UNINTERESTING

diff --git a/tests/e2e_regression/eden/expected/spec.headers b/tests/e2e_regression/eden/expected/spec.headers
@@ -3,5 +3,6 @@ Accept-Ranges: bytes
 Content-Length: UNINTERESTING
 Content-Type: application/x-yaml
 Last-Modified: UNINTERESTING
+Vary: Origin
 Date: UNINTERESTING
 
diff --git a/tests/e2e_regression/eden/expected/trailing_slash.headers b/tests/e2e_regression/eden/expected/trailing_slash.headers
@@ -1,5 +1,6 @@
 HTTP/1.1 404 Not Found
 Content-Type: text/plain; charset=utf-8
+Vary: Origin
 X-Content-Type-Options: nosniff
 Date: UNINTERESTING
 Content-Length: UNINTERESTING