CORS headers to stop and resume handlers

added custom response

CORS stop resume

3 files changed, 63 insertions, 13 deletions

diff --git a/ydb/core/mon/async_http_mon.cpp b/ydb/core/mon/async_http_mon.cpp
index 369140fe998..e98843af320 100644
--- a/ydb/core/mon/async_http_mon.cpp
+++ b/ydb/core/mon/async_http_mon.cpp
@@ -310,7 +310,8 @@ public:
             resultPage.Parent = ActorMonPage->Parent;
             resultPage.Output(Container);
         } else {
-            ev->Get()->Output(Container);
+            TCustomResult result(*(ev->Get()));
+            result.Output(Container);
         }
         ReplyWith(Event->Get()->Request->CreateResponseString(Container.Str()));
         PassAway();
diff --git a/ydb/core/mon/mon_impl.h b/ydb/core/mon/mon_impl.h
index dc54b7c35ff..01621d28a45 100644
--- a/ydb/core/mon/mon_impl.h
+++ b/ydb/core/mon/mon_impl.h
@@ -227,6 +227,34 @@ protected:
     TString User;
 };
 
+class TCustomResult {
+public:
+    TCustomResult(const NMon::IEvHttpInfoRes &result)
+        : Result(result)
+    {
+    }
+
+    void Output(NMonitoring::IMonHttpRequest& request) {
+        IOutputStream& out = request.Output();
+
+        out << "HTTP/1.1 200 Ok\r\n"
+            << "Content-Type: text/html\r\n"
+            << "Connection: Close\r\n";
+        TString origin = TString(request.GetHeader("Origin"));
+        if (origin.empty()) {
+            origin = "*";
+        }
+        out << "Access-Control-Allow-Origin: " << origin << "\r\n"
+            << "Access-Control-Allow-Credentials: true\r\n"
+            << "Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept\r\n"
+            << "Access-Control-Allow-Methods: OPTIONS, GET, POST\r\n";
+
+        Result.Output(request.Output());
+    }
+
+private:
+    const NMon::IEvHttpInfoRes &Result;
+};
 
 ////////////////////////////////////////////////////////////////////////////////
 // HTML results page
diff --git a/ydb/core/security/login_page.cpp b/ydb/core/security/login_page.cpp
index ad5290e3a66..a4f455bbdb3 100644
--- a/ydb/core/security/login_page.cpp
+++ b/ydb/core/security/login_page.cpp
@@ -171,14 +171,6 @@ public:
         ReplyErrorAndPassAway("504 Gateway Timeout", "Timeout");
     }
 
-    void ReplyOptionsAndPassAway() {
-        Result.SetValue(MakeHolder<NMon::TEvHttpInfoRes>(
-            "HTTP/1.1 204 No Content\r\n"
-            "Allow: OPTIONS, POST\r\n"
-            "Connection: Keep-Alive\r\n\r\n", 0, NMon::IEvHttpInfoRes::EContentType::Custom));
-        PassAway();
-    }
-
     TString GetCORS() {
         TStringBuilder res;
         TString origin = TString(Request.GetHeader("Origin"));
@@ -192,6 +184,17 @@ public:
         return res;
     }
 
+    void ReplyOptionsAndPassAway() {
+        TStringStream response;
+        response << "HTTP/1.1 204 No Content\r\n";
+        response << "Allow: OPTIONS, POST\r\n";
+        response << "Connection: Keep-Alive\r\n";
+        response << GetCORS();
+        response << "\r\n";
+        Result.SetValue(MakeHolder<NMon::TEvHttpInfoRes>(response.Str(), 0, NMon::IEvHttpInfoRes::EContentType::Custom));
+        PassAway();
+    }
+
     void ReplyCookieAndPassAway(const TString& cookie) {
         TStringStream response;
         TDuration maxAge = (ToInstant(NLogin::TLoginProvider::GetTokenExpiresAt(cookie)) - TInstant::Now());
@@ -333,11 +336,27 @@ public:
         ReplyErrorAndPassAway("504 Gateway Timeout", "Timeout");
     }
 
+    TString GetCORS() {
+        TStringBuilder res;
+        TString origin = TString(Request.GetHeader("Origin"));
+        if (origin.empty()) {
+            origin = "*";
+        }
+        res << "Access-Control-Allow-Origin: " << origin << "\r\n";
+        res << "Access-Control-Allow-Credentials: true\r\n";
+        res << "Access-Control-Allow-Headers: Content-Type,Authorization,Origin,Accept\r\n";
+        res << "Access-Control-Allow-Methods: OPTIONS, GET, POST\r\n";
+        return res;
+    }
+
     void ReplyOptionsAndPassAway() {
-        Result.SetValue(MakeHolder<NMon::TEvHttpInfoRes>(
-            "HTTP/1.1 204 No Content\r\n"
-            "Allow: OPTIONS, POST\r\n"
-            "Connection: Keep-Alive\r\n\r\n", 0, NMon::IEvHttpInfoRes::EContentType::Custom));
+        TStringStream response;
+        response << "HTTP/1.1 204 No Content\r\n";
+        response << "Allow: OPTIONS, POST\r\n";
+        response << "Connection: Keep-Alive\r\n";
+        response << GetCORS();
+        response << "\r\n";
+        Result.SetValue(MakeHolder<NMon::TEvHttpInfoRes>(response.Str(), 0, NMon::IEvHttpInfoRes::EContentType::Custom));
         PassAway();
     }
 
@@ -345,6 +364,7 @@ public:
         TStringStream response;
         response << "HTTP/1.1 200 OK\r\n";
         response << "Set-Cookie: ydb_session_id=; Max-Age=0\r\n";
+        response << GetCORS();
         response << "\r\n";
         Result.SetValue(MakeHolder<NMon::TEvHttpInfoRes>(response.Str(), 0, NMon::IEvHttpInfoRes::EContentType::Custom));
         PassAway();
@@ -358,6 +378,7 @@ public:
         response << "HTTP/1.1 " << status << "\r\n";
         response << "Content-Type: application/json\r\n";
         response << "Content-Length: " << responseBody.Size() << "\r\n";
+        response << GetCORS();
         response << "\r\n";
         response << responseBody;
         Result.SetValue(MakeHolder<NMon::TEvHttpInfoRes>(response.Str(), 0, NMon::IEvHttpInfoRes::EContentType::Custom));