Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cleanup tonic-web cors support and replace it with tower-http #1122

Closed
slinkydeveloper opened this issue Oct 25, 2022 · 1 comment · Fixed by #1123 or #1164
Closed

Cleanup tonic-web cors support and replace it with tower-http #1122

slinkydeveloper opened this issue Oct 25, 2022 · 1 comment · Fixed by #1123 or #1164

Comments

@slinkydeveloper
Copy link
Contributor

Motivation

The CORS code in tonic-web is not 100% compliant with cors spec and cannot be detached from the rest of the tonic-web protocol implementation. This can be problematic for some use cases where the tonic-web layer is just a part of the server, and some other cors layer is used before (as far as i understand in particular for https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests).

Some other grpc-web implementations where cors is separate from the protocol implementation:

How

As described here: #1119 (comment). the idea is to:

  • Remove all the tonic-web cors handling logic
  • tonic_web::enable composes CorsLayer from tonic-http and GrpcWebLayer introduced by Implement tower::Layer for tonic_web::Config #1119. If a user wants more control over the CorsLayer, they can just instantiate manually GrpcWebLayer and compose it with whatever configured cors layer they want (not necessarily the one provided by tower-http)

Breaking changes

  • Config gets removed
  • Behavioral changes for the cors layer, more conform to the spec

Notes

A successful HTTP response to a CORS-preflight request is similar, except it is restricted to an ok status, e.g., 200 or 204.
Any other kind of HTTP response is not successful and will either end up not being shared or fail the CORS-preflight request.

This because in the preflight request the server just replies back to the browser with its cors configuration, then it's up to the browser to figure out whether it should proceed or not with the actual request.

slinkydeveloper added a commit to slinkydeveloper/tonic that referenced this issue Oct 25, 2022
slinkydeveloper added a commit to slinkydeveloper/tonic that referenced this issue Oct 25, 2022
slinkydeveloper added a commit to slinkydeveloper/tonic that referenced this issue Oct 25, 2022
slinkydeveloper added a commit to slinkydeveloper/tonic that referenced this issue Oct 25, 2022
@LucioFranco
Copy link
Member

Ok finally got to reading this and it all makes sense to me!

slinkydeveloper added a commit to slinkydeveloper/tonic that referenced this issue Oct 31, 2022
slinkydeveloper added a commit to slinkydeveloper/tonic that referenced this issue Oct 31, 2022
LucioFranco pushed a commit that referenced this issue Oct 31, 2022
…#1123)

Fix #1122, see the issue for more details.

Signed-off-by: slinkydeveloper <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
2 participants