add B3 and W3C tracing headers to CORS exposed headers (#883)

### What Added all relevant W3C and Zipkin/B3 trace response headers, to exposed headers for CORS. The headers list (as pointed out by Samir) - For Zipkin/B3: - `X-B3-TraceId` - `X-B3-SpanId` - `X-B3-ParentSpanId` - `X-B3-Sampled` For W3C: - `traceparent` - `tracestate` This is generally useful for any client accessing the API to retrieve tracing information. ### How Created a constant array of relevant header names. And initialize the CORS middleware, with these as exposed headers. V3_GIT_ORIGIN_REV_ID: c7aaf2507b03e1897971ca6cd2bbaa06b08dfa52
2024-12-14 17:02:49 +03:00 · 2024-08-06 15:04:08 +05:30 · 2024-08-06 15:04:08 +05:30 · 88eea4b285
commit 88eea4b285
parent d5909e8c48
1 changed files with 19 additions and 3 deletions
--- a/v3/crates/engine/bin/engine/cors.rs
+++ b/v3/crates/engine/bin/engine/cors.rs
@ -3,6 +3,24 @@ use reqwest::Method;
 use std::time::Duration;
 use tower_http::cors;

+// Allow tracing headers to be retrievable on responses over CORS.
+//
+// Clippy has a false-positive with HeadeName and interior mutability
+// (https://github.com/rust-lang/rust-clippy/issues/9776). This will get fixed
+// when we upgrade Clippy.
+#[allow(clippy::declare_interior_mutable_const)]
+const TRACE_RESPONSE_HEADER_NAMES: [HeaderName; 7] = [
+    // W3C headers
+    HeaderName::from_static("traceresponse"),
+    HeaderName::from_static("traceparent"),
+    HeaderName::from_static("tracestate"),
+    // Zipkin/B3 headers
+    HeaderName::from_static("x-b3-traceid"),
+    HeaderName::from_static("x-b3-spanid"),
+    HeaderName::from_static("x-b3-parentspanid"),
+    HeaderName::from_static("x-b3-sampled"),
+];
+
 /// Add CORS layer to the app.
 pub fn build_cors_layer(cors_allow_origin: &[String]) -> cors::CorsLayer {
    let cors_allow_origin = if cors_allow_origin.is_empty() {
@ -19,15 +37,13 @@ pub fn build_cors_layer(cors_allow_origin: &[String]) -> cors::CorsLayer {
            })
        })
    };
-    // Allow traceresponse to be retrievable on CORS
-    let trace_response_header_name = HeaderName::from_static("traceresponse");
    cors::CorsLayer::new()
        .max_age(Duration::from_secs(24 * 60 * 60)) // 24 hours
        .allow_headers(cors::AllowHeaders::mirror_request())
        .allow_origin(cors_allow_origin)
        .allow_credentials(true)
        .allow_methods(vec![Method::GET, Method::POST, Method::OPTIONS])
-        .expose_headers([trace_response_header_name])
+        .expose_headers(TRACE_RESPONSE_HEADER_NAMES)
 }

 #[cfg(test)]