CORS Access-Control-Allow-Origin header is only returned for GET /metrics requests, but it would be more useful to be returned when posting metrics (POST/PUT to /metrics/*) as that's usual use case for frontend, where CORS header is used.
Posting metrics still works without that, as requests reaches the gateway, but it does not pass the response to invoking code and results in errors in JS console:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://redacted/metrics/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 202.
Tested by running gateway with PAG_CORS set to * and running:
CORS
Access-Control-Allow-Originheader is only returned forGET /metricsrequests, but it would be more useful to be returned when posting metrics (POST/PUT to/metrics/*) as that's usual use case for frontend, where CORS header is used.Posting metrics still works without that, as requests reaches the gateway, but it does not pass the response to invoking code and results in errors in JS console:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://redacted/metrics/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 202.Tested by running gateway with
PAG_CORSset to*and running: