Put CORS header back to http://* with comment on why browsers are annoying

2023-03-24 09:31:52 +00:00 · 2023-03-24 09:31:52 +00:00 · 40f5c53c05
commit 40f5c53c05
parent d1ba5dff38
1 changed files with 3 additions and 1 deletions
--- a/config/otel_dev/collector-gateway.yaml
+++ b/config/otel_dev/collector-gateway.yaml
@ -5,7 +5,9 @@ receivers:
        endpoint: 0.0.0.0:4318
        cors:
          allowed_origins:
-            - "*"
+            # This can't be '*' because opentelemetry-js uses sendBeacon which always operates
+            # in 'withCredentials' mode, which browsers don't allow with an allow-origin of '*'
+            - "http://*"
          allowed_headers:
            - "*"
 processors: