diff --git a/config/confighttp/README.md b/config/confighttp/README.md index 8e1c8b5cf75..570320e72ee 100644 --- a/config/confighttp/README.md +++ b/config/confighttp/README.md @@ -36,9 +36,12 @@ exporter: [Receivers](https://github.com/open-telemetry/opentelemetry-collector/blob/main/receiver/README.md) leverage server configuration. -- [`cors_allowed_origins`](https://github.com/rs/cors): An empty list means - that CORS is not enabled at all. A wildcard can be used to match any origin - or one or more characters of an origin. +- [`cors_allowed_origins`](https://github.com/rs/cors): An empty list here and + in `cors_allowed_headers` means that CORS is not enabled at all. + A wildcard can be used to match any origin or one or more characters of an origin. +- [`cors_allowed_headers`](https://github.com/rs/cors): An empty list here and + in `cors_allowed_origins` means that CORS is not enabled at all. + A wildcard can be used to match any header or one or more characters in the header. - `endpoint`: Valid value syntax available [here](https://github.com/grpc/grpc/blob/master/doc/naming.md) - [`tls_settings`](../configtls/README.md) @@ -50,6 +53,8 @@ receivers: cors_allowed_origins: - https://foo.bar.com - https://*.test.com + cors_allowed_headers: + - ExampleHeader endpoint: 0.0.0.0:55690 protocols: http: diff --git a/config/confighttp/confighttp.go b/config/confighttp/confighttp.go index 56936c74da8..1efd9b17a8f 100644 --- a/config/confighttp/confighttp.go +++ b/config/confighttp/confighttp.go 
@@ -111,9 +111,15 @@ type HTTPServerSettings struct { // CorsOrigins are the allowed CORS origins for HTTP/JSON requests to grpc-gateway adapter // for the OTLP receiver. See github.com/rs/cors - // An empty list means that CORS is not enabled at all. A wildcard (*) can be - // used to match any origin or one or more characters of an origin. + // An empty CorsOrigins and CorsHeaders means that CORS is not enabled at all. + // A wildcard (*) can be used to match any origin or one or more characters of an origin. CorsOrigins []string `mapstructure:"cors_allowed_origins"` + + // CorsHeaders are the allowed CORS headers for HTTP/JSON requests to grpc-gateway adapter + // for the OTLP receiver. See github.com/rs/cors + // An empty CorsOrigins and CorsHeaders means that CORS is not enabled at all. + // A wildcard (*) can be used to match any header or one or more characters of a header. + CorsHeaders []string `mapstructure:"cors_allowed_headers"` } func (hss *HTTPServerSettings) ToListener() (net.Listener, error) { @@ -154,8 +160,8 @@ func (hss *HTTPServerSettings) ToServer(handler http.Handler, opts ...ToServerOp for _, o := range opts { o(serverOpts) } - if len(hss.CorsOrigins) > 0 { - co := cors.Options{AllowedOrigins: hss.CorsOrigins} + if len(hss.CorsOrigins) > 0 || len(hss.CorsHeaders) > 0 { + co := cors.Options{AllowedOrigins: hss.CorsOrigins, AllowedHeaders: hss.CorsHeaders} handler = cors.New(co).Handler(handler) } handler = middleware.HTTPContentDecompressor( diff --git a/receiver/otlpreceiver/README.md b/receiver/otlpreceiver/README.md index d312b4612e9..1e99e302438 100644 --- a/receiver/otlpreceiver/README.md +++ b/receiver/otlpreceiver/README.md 
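Review bot: In the ToServer hunk, the new `|| len(hss.CorsHeaders) > 0` branch builds `cors.Options` with an empty `AllowedOrigins` whenever only `cors_allowed_headers` is set, and rs/cors documents an empty origin list as defaulting to all origins, so a headers-only config would enable CORS for every origin rather than leaving it off. I would keep the gate on origins, `if len(hss.CorsOrigins) > 0 {` with `co := cors.Options{AllowedOrigins: hss.CorsOrigins, AllowedHeaders: hss.CorsHeaders}`, and reject or log a config that sets headers without origins. The CorsHeaders field comment in the first hunk of this file should then say `// CorsHeaders is only applied when CorsOrigins is non-empty.` rather than describing only the both-empty case. ToServer starts and ends outside the hunk, so this is based on the visible lines only.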
@@ -52,7 +52,8 @@ port is `55681`. The HTTP/JSON endpoint can also optionally configure [CORS](https://fetch.spec.whatwg.org/#cors-protocol), which is enabled by -specifying a list of allowed CORS origins in the `cors_allowed_origins` field: +specifying a list of allowed CORS origins in the `cors_allowed_origins` and/or +`cors_allowed_headers` fields: ```yaml receivers: @@ -64,4 +65,6 @@ receivers: - http://test.com # Origins can have wildcards with *, use * by itself to match any origin. - https://*.example.com + cors_allowed_headers: + - TestHeader ``` diff --git a/receiver/otlpreceiver/config_test.go b/receiver/otlpreceiver/config_test.go index dd177adabb8..21f444631cc 100644 --- a/receiver/otlpreceiver/config_test.go +++ b/receiver/otlpreceiver/config_test.go @@ -42,7 +42,7 @@ func TestLoadConfig(t *testing.T) { require.NoError(t, err) require.NotNil(t, cfg) - assert.Equal(t, len(cfg.Receivers), 9) + assert.Equal(t, len(cfg.Receivers), 10) assert.Equal(t, cfg.Receivers["otlp"], factory.CreateDefaultConfig()) @@ -176,6 +176,20 @@ func TestLoadConfig(t *testing.T) { }, }) + assert.Equal(t, cfg.Receivers["otlp/corsheader"], + &Config{ + ReceiverSettings: configmodels.ReceiverSettings{ + TypeVal: typeStr, + NameVal: "otlp/corsheader", + }, + Protocols: Protocols{ + HTTP: &confighttp.HTTPServerSettings{ + Endpoint: "0.0.0.0:55681", + CorsHeaders: []string{"ExampleHeader"}, + }, + }, + }) + assert.Equal(t, cfg.Receivers["otlp/uds"], &Config{ ReceiverSettings: configmodels.ReceiverSettings{ diff --git a/receiver/otlpreceiver/testdata/config.yaml b/receiver/otlpreceiver/testdata/config.yaml index 29ab7bfa108..9fd3a9fc4b5 100644 --- a/receiver/otlpreceiver/testdata/config.yaml +++ b/receiver/otlpreceiver/testdata/config.yaml 
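Review bot: The added `otlp/corsheader` case in TestLoadConfig only checks that `cors_allowed_headers` unmarshals into `CorsHeaders`; nothing in this hunk exercises the handler built from a headers-only config. Because that config carries no `CorsOrigins`, it is the case where the effective origin policy matters most. A handler-level test in the confighttp package that asserts which `Access-Control-Allow-Origin` value a preflight response carries for an unlisted origin would pin the intended behaviour. TestLoadConfig continues outside the hunk.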
@@ -78,6 +78,12 @@ receivers: cors_allowed_origins: - https://*.test.com # Wildcard subdomain. Allows domains like https://www.test.com and https://foo.test.com but not https://wwwtest.com. - https://test.com # Fully qualified domain name. Allows https://test.com only. + # The following entry demonstrates how to use CORS Header configuration. + otlp/corsheader: + protocols: + http: + cors_allowed_headers: + - ExampleHeader processors: exampleprocessor: