
feat(hybrid-cloud): Adjust CORS for customer domains (#36639)

Alberto Leal 2 years ago
parent
commit
6f63211623
3 changed files with 17 additions and 2 deletions
  1. 2 1
      src/sentry/api/base.py
  2. 1 1
      static/app/api.tsx
  3. 14 0
      tests/sentry/api/test_base.py

+ 2 - 1
src/sentry/api/base.py

@@ -78,7 +78,8 @@ def allow_cors_options(func):
         response["Access-Control-Allow-Methods"] = allow
         response["Access-Control-Allow-Headers"] = (
             "X-Sentry-Auth, X-Requested-With, Origin, Accept, "
-            "Content-Type, Authentication, Authorization, Content-Encoding"
+            "Content-Type, Authentication, Authorization, Content-Encoding, "
+            "sentry-trace, baggage"
         )
         response["Access-Control-Expose-Headers"] = "X-Sentry-Error, Retry-After"
 
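Review bot: Nothing visible in this hunk sets `Access-Control-Allow-Credentials` or `Vary: Origin`, while the same commit switches the web client to `credentials: 'include'` in static/app/api.tsx. Browsers discard a credentialed cross-origin response unless the server returns `Access-Control-Allow-Credentials: true` together with an explicit, non-wildcard `Access-Control-Allow-Origin`. The origin check that feeds that header therefore becomes the control that decides which sites can read authenticated API data. The wrapper inside allow_cors_options starts and ends outside the hunk, so this may already be handled there. Either way, a comment above the header block would help, e.g. `# sentry-trace/baggage: tracing headers sent by the frontend; keep this list explicit, credentialed CORS does not honour "*"`.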

+ 1 - 1
static/app/api.tsx

@@ -448,7 +448,7 @@ export class Client {
       method,
       body,
       headers,
-      credentials: 'same-origin',
+      credentials: 'include',
       signal: aborter?.signal,
     });
 
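Review bot: `credentials: 'include'` applies to every request issued through this call, so cookies now accompany cross-origin requests to whatever host the request URL resolves to, not only same-origin ones. The hunk does not show how the URL is built; if it can ever be influenced by data outside the application's control, consider choosing the credentials mode per request instead of globally. Cross-site cookie delivery also leaves the cookie `SameSite` setting and the CSRF checks as the remaining defence for state-changing methods, which is worth confirming for customer domains. At minimum add a comment such as `// 'include': customer-domain pages call the API cross-origin and need the session cookie; the server must allow the origin explicitly`. The enclosing method of Client extends beyond the hunk.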

+ 14 - 0
tests/sentry/api/test_base.py

@@ -53,6 +53,13 @@ class EndpointTest(APITestCase):
         assert response.status_code == 200, response.content
 
         assert response["Access-Control-Allow-Origin"] == "http://example.com"
+        assert response["Access-Control-Allow-Headers"] == (
+            "X-Sentry-Auth, X-Requested-With, Origin, Accept, "
+            "Content-Type, Authentication, Authorization, Content-Encoding, "
+            "sentry-trace, baggage"
+        )
+        assert response["Access-Control-Expose-Headers"] == "X-Sentry-Error, Retry-After"
+        assert response["Access-Control-Allow-Methods"] == "GET, HEAD, OPTIONS"
 
     def test_invalid_cors_without_auth(self):
         request = self.make_request(method="GET")
@@ -86,6 +93,13 @@ class EndpointTest(APITestCase):
 
         assert response.status_code == 200, response.content
         assert response["Access-Control-Allow-Origin"] == "http://example.com"
+        assert response["Access-Control-Allow-Headers"] == (
+            "X-Sentry-Auth, X-Requested-With, Origin, Accept, "
+            "Content-Type, Authentication, Authorization, Content-Encoding, "
+            "sentry-trace, baggage"
+        )
+        assert response["Access-Control-Expose-Headers"] == "X-Sentry-Error, Retry-After"
+        assert response["Access-Control-Allow-Methods"] == "GET, HEAD, OPTIONS"
 
 
 class PaginateTest(APITestCase):
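Review bot: The expected `Access-Control-Allow-Headers` value is pasted as the same three-line literal in both hunks of this file (after each `Access-Control-Allow-Origin` assertion), duplicating the string in src/sentry/api/base.py. A shared module-level constant in the test file, or a comparison of the comma-split header names as a set, would keep the two tests from drifting when the allow-list next changes. The added assertions also cover only the allowed-origin path. Nothing here checks the credentialed case that the client change relies on (for instance the value of `Access-Control-Allow-Credentials`), or that these headers are absent for an origin that is not allowed. Both test methods start outside their hunks, so such coverage may exist elsewhere in the class.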