#browser `fetch` cors issue with otel. Even with csp set to null

24 messages · Page 1 of 1 (latest)

digital spear
#

I have an instrumented application that is using otel and it's ecosystem packages. Because of its design, it is impossible to reach the http client they use internally forcing a native fetch request.
But it is impossible for me to make any requests to any origin no matter what. I used a 'proxy' like plugin I implemented that just forwarded request sent to otel://traces to the collector, which despite reporting a failure just like the rest, at least did pass the message along. But it required nasty hacks to make work.

I know there are issues with using native fetch/beacon but I'm really hoping there is some sort of out..

CleanShot_2024-03-05_at_19.29.242x.png
digital spear
#

update: requests seem to arrive correctly, just not return correctly

#

wtf?

digital spear
#

update update: I can't recreate things arriving correctly anymore. But I can see the spans arrive from the previous versions of my app where I forgot about this issue

#

thats insane

tough wharf
#

this is unrelated to the csp config. access-control-allow-origin is a header that has to be set by your server and we can't tell the webview to ignore it afaik

sour swallow
#

Lucas added it but didnt documented how to use yet

tough wharf
#

i didn't interpret this issue as an ipc issue

#

sounded to basically like they're fetching https://google.com with google not allowing tauri's origin

#

of course not google, just using that as an obvious example

#

and in this case the ipc is not at play

#

if i understood it incorrectly then you're right

sour swallow
#

In his screenshiot I see that it failed fetching tauri:://localhost

tough wharf
#

no it's fetching https://collector.salmon....

#

tauri://localhost is the origin

#

so the currently displayed website

sour swallow
#

Hmm that's confusing

tough wharf
#

yup

digital spear
#

though the requests worked even before that (my spans arrive and I can trace just fine)

tough wharf
#

And you're setting the Access-Control-Allow-Origin header in your response from the server?

#

If that's what you meant with "I am specifically allowing the tauri://* origin" then maybe try "*" or "tauri://localhost". Not sure if it supports partial wildcards (or whatever tauri://* is called)

digital spear