In the scenario where prom-aggregation-gateway is exposed to external client that writes metrics (so, browser for example) it should support adding CORS header (Access-Control-Allow-Origin) also on PUT/POST requests. This adds another layer of security (incorrect origins will be rejected) and allows matching origins to read the response from the gateway - browser client can confirm that metrics were indeed sent correctly.
Also added few simple router tests for GET and PUT with both failed and successful CORS.
In the scenario where prom-aggregation-gateway is exposed to external client that writes metrics (so, browser for example) it should support adding CORS header (
Access-Control-Allow-Origin) also on PUT/POST requests. This adds another layer of security (incorrect origins will be rejected) and allows matching origins to read the response from the gateway - browser client can confirm that metrics were indeed sent correctly.Also added few simple router tests for GET and PUT with both failed and successful CORS.
Fixes https://github.com/zapier/prom-aggregation-gateway/issues/58