Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add cross-origin-resource-policy response header #2394

Merged
merged 6 commits into from
Aug 10, 2023
Merged

feat: add cross-origin-resource-policy response header #2394

merged 6 commits into from
Aug 10, 2023

Conversation

mdtro
Copy link
Member

@mdtro mdtro commented Aug 8, 2023

Fix for getsentry/sentry#41225.

Browsers are starting to require the CORP header it seems. Relay sets Access-Control-Allow-Origin: *, but this is not sufficient for those that have stricter headers set:

cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin

tower_http's CORS module does not support CORP/COOP/COEP so I just added the static header on the response.

@mdtro mdtro requested a review from a team August 8, 2023 21:45
olksdr
olksdr requested changes Aug 9, 2023
View reviewed changes
Copy link
Contributor

@olksdr olksdr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It also would be great to add a test (an integration test) to make sure the relay responds with the correct headers.

CHANGELOG.md Outdated Show resolved Hide resolved
relay-server/src/actors/server.rs Outdated Show resolved Hide resolved
@mdtro
Copy link
Member Author

mdtro commented Aug 9, 2023
edited
Loading

It also would be great to add a test (an integration test) to make sure the relay responds with the correct headers.

@olksdr Thank you for the suggestion. I wasn't too sure where to add them, but I was able to track down where the other CORS headers are tested as well.

Please let me know if the added test is sufficient. :)

@mdtro mdtro requested a review from olksdr August 9, 2023 21:33
olksdr
olksdr approved these changes Aug 10, 2023
View reviewed changes
tests/integration/test_basic.py Outdated Show resolved Hide resolved
mdtro and others added 6 commits August 10, 2023 08:43
@mdtro
feat: add cross-origin-resource-policy response header
e825a8b
@mdtro
add changelog entry
66ad80f
@mdtro @olksdr
Update CHANGELOG.md
7a31c16 
Co-authored-by: Oleksandr <1931331+olksdr@users.noreply.github.com>
@mdtro @olksdr
lowercase header name
585f806 
Co-authored-by: Oleksandr <1931331+olksdr@users.noreply.github.com>
@mdtro
add integration test for corp header
d6cf2de
@mdtro @olksdr
Update tests/integration/test_basic.py
0d6d9e0 
Co-authored-by: Oleksandr <1931331+olksdr@users.noreply.github.com>
@mdtro mdtro force-pushed the mdtro/feat/corp-response-header branch from a5bf519 to 0d6d9e0 Compare August 10, 2023 13:44
@mdtro mdtro enabled auto-merge (squash) August 10, 2023 13:45
@mdtro mdtro disabled auto-merge August 10, 2023 13:45
@mdtro mdtro enabled auto-merge (squash) August 10, 2023 13:45
@mdtro mdtro merged commit 162175b into master Aug 10, 2023
@mdtro mdtro deleted the mdtro/feat/corp-response-header branch August 10, 2023 14:03
@olksdr olksdr mentioned this pull request Aug 16, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@olksdr olksdr olksdr approved these changes

Assignees

@mdtro mdtro

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mdtro @olksdr