fix(core): add obligations X-Rewrap-Additional-Context to default CORS allowed headers

[jakedoublev]

Proposed Changes

• This header is required for obligations and should be defaulted.
• Updates all example yamls with full list of default allowed headers.
• DSPX-1938

[gemini-code-assist]

Summary of Changes

Hello @jakedoublev, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request ensures that a specific header, X-Rewrap-Additional-Context, is automatically included in the default CORS allowed headers. This adjustment is vital for the correct functioning of 'obligations' within the system, preventing potential communication issues that could arise from missing necessary headers in cross-origin requests.

Highlights

• CORS Configuration Update: The X-Rewrap-Additional-Context header has been added to the default list of allowed headers for Cross-Origin Resource Sharing (CORS).
• Obligations Support: This change is crucial for 'obligations' functionality, as the X-Rewrap-Additional-Context header is required for their proper operation.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

A header now allowed, CORS smiles, no more errors, Obligations flow.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request adds the X-Rewrap-Additional-Context header to the default allowed CORS headers, which is required for obligations. The change is correct. I've included one suggestion to improve the maintainability of the code by sorting the list of headers. Additionally, please ensure that the checklist in the pull request description is completed, particularly regarding updating any relevant tests and documentation for this change.

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	157.116314ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	84.24073ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	460.642193ms
Throughput	217.09 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	39.272461712s
Average Latency	391.366116ms
Throughput	127.32 requests/second

NANOTDF Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	27.578502642s
Average Latency	274.871245ms
Throughput	181.30 requests/second

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	179.457466ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	96.281934ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	364.908938ms
Throughput	274.04 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	39.474606937s
Average Latency	393.25368ms
Throughput	126.66 requests/second

NANOTDF Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	27.825100759s
Average Latency	277.290123ms
Throughput	179.69 requests/second

[github-actions]

X-Test Results

opentdfplatformZHNV2B.dockerbuild
cukes-report
✅ java-v0.4.34
✅ js-v0.4.34
✅ go-v0.4.34
bats-test-results
test-cases-mapping-report
✅ js-pull-2901
✅ java-pull-2901
✅ go-pull-2901

[github-actions]

X-Test Results

opentdfplatformIM745W.dockerbuild
✅ js-v0.4.34
✅ java-v0.4.34
✅ go-v0.4.34
bats-test-results
test-cases-mapping-report
cukes-report
✅ js-pull-2901
✅ java-pull-2901
✅ go-pull-2901

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	183.654926ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	103.388714ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	359.040962ms
Throughput	278.52 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	39.528069431s
Average Latency	393.528071ms
Throughput	126.49 requests/second

NANOTDF Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	28.186467987s
Average Latency	281.017221ms
Throughput	177.39 requests/second

[github-actions]

X-Test Results

opentdfplatformZK33X3.dockerbuild
✅ java-v0.4.34
✅ js-v0.4.34
✅ go-v0.4.34
bats-test-results
cukes-report
test-cases-mapping-report
✅ js-pull-2901
✅ java-pull-2901
✅ go-pull-2901

[khvirtru]

LGTM

[opentdf-automation]

Successfully created backport PR for release/service/v0.11:

• fix(core): add obligations X-Rewrap-Additional-Context to default CORS allowed headers [backport to release/service/v0.11] #2902