Issue with SwaggerUI and CORS

[docktermj]

First of all: Bravo on ogen. An excellent piece of software.

Given that the SwaggerUI (https://petstore.swagger.io/) is part of the OpenAPI ecosystem, it would be nice if the SwaggerUI could easily work with the server generated by https://github.com/ogen-go/ogen. curl calls and http requests from the browser work well. However, when using the SwaggerUI application, CORS presents a problem.

According to the documentation given by SmartBear (who supports Swagger):

• https://swagger.io/docs/open-source-tools/swagger-ui/usage/cors/
• https://support.smartbear.com/swaggerhub/docs/ui/cors.html

the following headers need to be in the response:

Access-Control-Allow-Origin: https://host.from.which.the.request.came
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: ResponseHeader1, ResponseHeader2, ...

I can't seem to find a clear explanation of how to include extra HTTP response headers from the code generated by ogen. The examples on middleware.Middleware and ServerOptions aren't giving a clear picture as to whether or not this is the approach used.

So,

1. Does the capability of adding HTTP response headers exist in ogen?
2. If it does, where is documentation that show how it is done?

[tdakkota]

Server type implements http.Handler and could be wrapped by any middleware like https://github.com/rs/cors to add more response headers.

But probably we should provide a function to get some information about every route: HTTP method, response headers, etc. It would make CORS setup easier.

[docktermj]

@tdakkota That would be nice. Thank you for considering it.

[gonnafaraway]

@docktermj like this