AppHost Dashboard CORS Configuration #6249
Labels
area-app-model
Issues pertaining to the APIs in Aspire.Hosting, e.g. DistributedApplication
area-dashboard
Milestone
Comments
16 tasks
|
Good news, I was just working on this. PR: #6250
This is the solution I added. |
Wow, can't argue with that kind of turnaround. I'm glad my users don't expect me to be fixing things while they're logging their tickets.... |
davidfowl
added
the
area-app-model
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Is there an existing issue for this?
Is your feature request related to a problem? Please describe the problem.
There was a discussion here Issue 4917 about adding CORS configuration to the Dashboard when run Standalone and via the AppHost. The work appears to have been actioned here PR 5212. From my reading of this, it looks like when running Standalone the DASHBOARD__OTLP__CORS__ALLOWEDORIGINS env var (see Docs) can be used to set the origins to something suitable for the use case. However when the AppHost starts the Dashboard, ALLOWEDORIGINS is automatically set based on the endpoints configured in the AppHost's resources.
If the above is true, this creates an unsurmountable problem when using a Resource in the AppHost which has a custom local domain name. It is currently not possible to configure the AppHost to use a custom domain name when defining resources - they will get a localhost:[RandomPort] instead (this limitation has been discussed several times in the Issues list). This will presumably be auto-added to the Dashboard CORS origins list when the AppHost starts up. But if that Resource is a SPA with a custom domain (manually added to the local hosts file, and using a self-signed cert), telemetry sent to the Dashboard will be blocked by CORS. This prevents the use of browser-sourced telemetry in these scenarios.
Tagging @JamesNK due to the nature of the work and his existing involvement, question was asked originally on the docs repo here - Issue 1588.
Many thanks.
Describe the solution you'd like
Possible options - allow the use of custom domains in WithEndpoint() style builder methods (which would presumably then be passed on in the auto-CORS behaviour). Or allow the use of DASHBOARD__OTLP__CORS__ALLOWEDORIGINS (or similar) to add to the auto-CORS origin list when running the Dashboard via AppHost.
Additional context
No response
The text was updated successfully, but these errors were encountered: