Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cleanup tonic-web cors support and replace it with tower-http #1122

Closed
slinkydeveloper opened this issue Oct 25, 2022 · 1 comment · Fixed by #1123 or #1164
Closed

Cleanup tonic-web cors support and replace it with tower-http #1122

slinkydeveloper opened this issue Oct 25, 2022 · 1 comment · Fixed by #1123 or #1164

Comments

@slinkydeveloper
Copy link
Contributor

Motivation

The CORS code in tonic-web is not 100% compliant with cors spec and cannot be detached from the rest of the tonic-web protocol implementation. This can be problematic for some use cases where the tonic-web layer is just a part of the server, and some other cors layer is used before (as far as i understand in particular for https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests).

Some other grpc-web implementations where cors is separate from the protocol implementation:

How

As described here: #1119 (comment). the idea is to:

  • Remove all the tonic-web cors handling logic
  • tonic_web::enable composes CorsLayer from tonic-http and GrpcWebLayer introduced by Implement tower::Layer for tonic_web::Config #1119. If a user wants more control over the CorsLayer, they can just instantiate manually GrpcWebLayer and compose it with whatever configured cors layer they want (not necessarily the one provided by tower-http)

Breaking changes

  • Config gets removed
  • Behavioral changes for the cors layer, more conform to the spec

Notes

A successful HTTP response to a CORS-preflight request is similar, except it is restricted to an ok status, e.g., 200 or 204.
Any other kind of HTTP response is not successful and will either end up not being shared or fail the CORS-preflight request.

This because in the preflight request the server just replies back to the browser with its cors configuration, then it's up to the browser to figure out whether it should proceed or not with the actual request.
@slinkydeveloper slinkydeveloper mentioned this issue Oct 25, 2022
Merged
slinkydeveloper added a commit to slinkydeveloper/tonic that referenced this issue Oct 25, 2022
@slinkydeveloper
Remove tonic-web custom cors implementation and replace it with tower…
e55101b 
…-http `CorsLayer`. Fix hyperium#1122

Signed-off-by: slinkydeveloper <francescoguard@gmail.com>
@slinkydeveloper slinkydeveloper mentioned this issue Oct 25, 2022
Merged
slinkydeveloper added a commit to slinkydeveloper/tonic that referenced this issue Oct 25, 2022
@slinkydeveloper
Remove tonic-web custom cors implementation and replace it with tower…
36150e6 
…-http `CorsLayer`. Fix hyperium#1122

Signed-off-by: slinkydeveloper <francescoguard@gmail.com>
slinkydeveloper added a commit to slinkydeveloper/tonic that referenced this issue Oct 25, 2022
@slinkydeveloper
Remove tonic-web custom cors implementation and replace it with tower…
7ab10a3 
…-http `CorsLayer`. Fix hyperium#1122

Signed-off-by: slinkydeveloper <francescoguard@gmail.com>
slinkydeveloper added a commit to slinkydeveloper/tonic that referenced this issue Oct 25, 2022
@slinkydeveloper
Remove tonic-web custom cors implementation and replace it with tower…
5cefddf 
…-http `CorsLayer`. Fix hyperium#1122

Signed-off-by: slinkydeveloper <francescoguard@gmail.com>
@LucioFranco
Copy link
Member

Ok finally got to reading this and it all makes sense to me!

slinkydeveloper added a commit to slinkydeveloper/tonic that referenced this issue Oct 31, 2022
@slinkydeveloper
Remove tonic-web custom cors implementation and replace it with tower…
e916469 
…-http `CorsLayer`. Fix hyperium#1122

Signed-off-by: slinkydeveloper <francescoguard@gmail.com>
slinkydeveloper added a commit to slinkydeveloper/tonic that referenced this issue Oct 31, 2022
@slinkydeveloper
Remove tonic-web custom cors implementation and replace it with tower…
53f2390 
…-http `CorsLayer`. Fix hyperium#1122

Signed-off-by: slinkydeveloper <francescoguard@gmail.com>
LucioFranco pushed a commit that referenced this issue Oct 31, 2022
@slinkydeveloper
feat(web): Removed Cors impl and replaced with tower-http's CorsLayer (
a98d719 
…#1123)

Fix #1122, see the issue for more details.

Signed-off-by: slinkydeveloper <francescoguard@gmail.com>
@LucioFranco LucioFranco mentioned this issue Nov 28, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@LucioFranco @slinkydeveloper