Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"zed serve" flag to specify additional AllowedOrigins #4297

Closed
philrz opened this issue Jan 5, 2023 · 1 comment · Fixed by #4334
Closed

"zed serve" flag to specify additional AllowedOrigins #4297

philrz opened this issue Jan 5, 2023 · 1 comment · Fixed by #4334
Assignees
@nwt

Comments

@philrz
Copy link
Contributor

philrz commented Jan 5, 2023

As described in the README for the prototype Zed data source Grafana plugin, such a plugin cannot currently query an out-of-the-box Zed service because the CORS configuration does not permit requests from the http://localhost:3000 origin.

As an interim hack, I was able to get it working in branch by adding the additional entry for http://localhost:3000 here:

https://github.com/brimdata/zed/blob/52c5061b6fbbe9abd1dd754d240104cca647c5aa/service/middleware.go#L33

In a discussion with the team, we agreed that we should introduce a flag to allow this, e.g., zed serve -origin http://localhost:3000. It seems like a flag that the user should be able to invoke multiple times on the same command line so multiple additional origins can be specified, similar to what we do with multiple includes on zed query -I.
nwt added a commit that referenced this issue Jan 25, 2023
@nwt
add -cors.origins flag to "zed serve"
990520e 
The -cors.origins flag accepts a comma-separated list of CORS allowed
origins.

Closes #4297.
@nwt nwt mentioned this issue Jan 25, 2023
Merged
@nwt nwt closed this as completed in #4334 Jan 26, 2023
nwt added a commit that referenced this issue Jan 26, 2023
@nwt
add -cors.origin flag to "zed serve" (#4334)
58606a0 
The -cors.origin flag specifies a CORS allowed origin. The flag may be
repeated.

This change removes the two baked-in allowed origins,
*.observableusercontent.com and localhost, and replaces them with a
default allowed origin of *.  As a consequence, "zed serve" with no
-cors.origin flag behaves like "zed serve -cors.origin '*'".

Closes #4297.
@philrz philrz mentioned this issue Jan 27, 2023
Open
@philrz
Copy link
Contributor Author

philrz commented Jan 27, 2023
edited
Loading

Verified in Zed commit 3ca4b8a.

The attached video shows it working as needed with the prototype Grafana plugin described in the opened issue text. That plugin which calls out to the /version endpoint of the Zed service when its Save & Test button is clicked. As discussed in the linked PR #4334, in addition to the new -cors.origin flag now available for zed serve, the default behavior in absence of this flag is to allow all origins. Therefore the attached video shows that a regular zed serve without that flag now accepts connections from the plugin. Once at least one -cors.origin flag is specified, only explicitly specified origins are permitted, which is why the connection fails in the video when I include the -cors.origin for the fake origin http://foo/bar. Then when I add a second origin for the Grafana backend proxy's explicit origin via -cors.origin http://localhost:3000 it works again.

Verify.mp4

Issue brimdata/zui#2639 has been opened track eventually adding a setting in the app's Preferences to invoke this flag on the zed serve launched behind the app. However, since the identified short-term use case with Grafana is now working out-of-the-box, this may not be addressed immediately.

Thanks @nwt!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nwt nwt

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add -cors.origin flag to "zed serve" brimdata/super
2 participants
@nwt @philrz