Skip to content

feat: add CORS support for HTTP API and metrics endpoints #756

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
zemse wants to merge 3 commits into
base: unstable
Choose a base branch
from
Open

feat: add CORS support for HTTP API and metrics endpoints #756

zemse wants to merge 3 commits into from

Conversation

@zemse
Copy link

@zemse zemse commented Dec 17, 2025

Issue Addressed

Closes #249

Proposed Changes

  • Add --metrics-allow-origin CLI flag
  • Implement CORS for HTTP API, the --http-allow-origin flag existed but wasn't wired up.

Additional Info

None

@zemse zemse marked this pull request as ready for review December 17, 2025 14:01
@dknopik dknopik requested a review from petarjuki7 December 18, 2025 17:44
jxs
jxs reviewed Jan 5, 2026
View reviewed changes
Copy link
Member

@jxs jxs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, thanks for getting into this!
Left some comments

anchor/http_metrics/src/lib.rs
Comment on lines +67 to +69
let origin = allow_origin
.map(|o| AllowOrigin::exact(o.parse().expect("validated in config")))
.unwrap_or(AllowOrigin::any());
Copy link
Member

@jxs jxs Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see comment above, this seems un-required, we should be able to receive allow_origin as AllowOrigin to not parsed it again here

anchor/client/src/config.rs
Comment on lines +274 to +281
if let Some(allow_origin) = &cli_args.metrics_allow_origin {
// Pre-validate the config value to give feedback to the user on node startup.
hyper::header::HeaderValue::from_str(allow_origin)
.map_err(|_| "Invalid metrics-allow-origin value")?;

config.http_metrics.allow_origin = Some(allow_origin.to_string());
}

Copy link
Member

@jxs jxs Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should be able to parse cli_args.allow_origin and cli_args.metrics.allow_origin as tower_http::cors::AllowOrigin to store both as AllowOrigin in the config and not have the need to parse them again later

anchor/http_api/src/lib.rs
Comment on lines +43 to +46
let origin = config
.allow_origin
.map(|o| AllowOrigin::exact(o.parse().expect("validated in config")))
.unwrap_or(AllowOrigin::any());
Copy link
Member

@jxs jxs Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see comment above, this seems unrequired, we can have config.allow_origin's type to be AllowOrigin to not have to be parsed again here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jxs jxs jxs left review comments

@petarjuki7 petarjuki7 Awaiting requested review from petarjuki7

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@zemse @jxs @diegomrsantos