Add CORS support for POST requests
What does this MR do and why?
This adds Cross-Origin Resource Sharing (CORS) support for POST requests
to the Model Gateway. This is required since the /completions route
will also be called from frontend applications.
Implementations
Browsers will typically issue 2 requests to the Model Gateway. The new CORS settings will add the access-control
headers as follows.
Preflight request: OPTIONS http://codesuggestions.gdk.test:5999/v2/completions
HTTP/1.1 200 OK
date: Wed, 24 May 2023 00:33:37 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-methods: POST
access-control-max-age: 600
access-control-allow-headers: content-type
content-length: 2
content-type: text/plain; charset=utf-8
x-request-id: 50ecbda3469d4beb8b584fdc261dcfbb
Main request: POST http://codesuggestions.gdk.test:5999/v2/completions
HTTP/1.1 200 OK
date: Wed, 24 May 2023 01:58:43 GMT
server: uvicorn
content-length: 251
content-type: application/json
x-process-time: 1.666336001
access-control-allow-origin: *
x-request-id: 05b7133e36884aaa819592299787c418
How to set up and validate locally
- Set up a loopback IP for codesuggestions.gdk.test in /etc/hosts.

    172.16.123.1 gdk.test
    172.16.123.2 codesuggestions.gdk.test

- Update the CSP directives as follows.
diff --git lib/gitlab/content_security_policy/directives.rb lib/gitlab/content_security_policy/directives.rb index e293e5653c7d..a8ef53146afe 100644 --- lib/gitlab/content_security_policy/directives.rb +++ lib/gitlab/content_security_policy/directives.rb @@ -8,7 +8,7 @@ module Gitlab module ContentSecurityPolicy module Directives def self.connect_src - "'self'" + "'self' http://codesuggestions.gdk.test:5999" end def self.frame_src
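Review bot: in self.connect_src, the new value hardcodes the plain-http origin http://codesuggestions.gdk.test:5999 into the connect-src policy as a string literal. Keep this as a local-only validation change and do not commit it; if the frontend needs the gateway origin in connect-src permanently, read it from configuration rather than a literal and use an https origin outside development.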
- Restart the rails-web process.

    gdk restart rails-web

- Run a local Code Suggestions Model Gateway.

    docker buildx build --platform linux/amd64 -t code-suggestions-api:dev .
    docker run --platform linux/amd64 --rm -p 5052:5052 -e TRITON_HOST=192.168.5.2 -e TRITON_PORT=8999 -v $PWD:/app -it code-suggestions-api:dev

- Start a local GDK instance and log in. On any page, run the following script in the Developer Console.

    fetch('http://codesuggestions.gdk.test:5999/v2/completions', {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({
        prompt_version: 1,
        project_path: "awesome_project",
        project_id: 23,
        current_file: {
          file_name: "main.py",
          content_above_cursor: "\"\"\"\nImplement fastapi middleware to log all incoming requests\"\"\"\n",
          content_below_cursor: "scoopy doo"
        }
      })
    })
      .then(res => res.json())
      .then(console.log)

- There should be no CORS issue in the response.

Related to gitlab-org/gitlab-web-ide#156 (closed)
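
Added example, not part of the merge request or the Model Gateway code: a simplified JavaScript model of the browser's CORS check, run against the preflight and main response headers quoted in the description above. It shows why the JSON POST passes, and that `access-control-allow-origin: *` no longer satisfies the check once the frontend sends credentials. The function names and the calling origin used with it are constructed for illustration.

```javascript
// Constructed sample input: the access-control headers quoted in the description above.
const preflightHeaders = {
  "access-control-allow-origin": "*",
  "access-control-allow-methods": "POST",
  "access-control-max-age": "600",
  "access-control-allow-headers": "content-type",
};
const mainHeaders = { "access-control-allow-origin": "*" };

const SAFE_METHODS = ["get", "head", "post"];
const SAFE_HEADERS = ["accept", "accept-language", "content-language"];
// Content-Type values that do not trigger a preflight on their own.
const SAFE_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];

const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

// Request header names the server must explicitly allow (simplified from the Fetch standard).
function unsafeHeaders(headers) {
  return Object.entries(headers)
    .map(([k, v]) => [k.toLowerCase(), v.split(";")[0].trim().toLowerCase()])
    .filter(([k, v]) => !(SAFE_HEADERS.includes(k) || (k === "content-type" && SAFE_TYPES.includes(v))))
    .map(([k]) => k);
}

// Access-Control-Allow-Origin check: "*" never satisfies a credentialed request.
function originOk(h, origin, creds) {
  const allow = h["access-control-allow-origin"];
  if (allow === "*") return !creds;
  return allow === origin && (!creds || h["access-control-allow-credentials"] === "true");
}

// Decide whether the browser would expose the response to the calling page.
function checkCors(req, preflight, response) {
  const method = req.method.toLowerCase();
  const unsafe = unsafeHeaders(req.headers || {});
  const wild = (names) => names.includes("*") && !req.credentials;
  if (!SAFE_METHODS.includes(method) || unsafe.length > 0) {
    if (!originOk(preflight, req.origin, req.credentials)) return "blocked: preflight origin";
    const methods = list(preflight["access-control-allow-methods"]);
    if (!SAFE_METHODS.includes(method) && !methods.includes(method) && !wild(methods))
      return "blocked: method " + req.method;
    const allowed = list(preflight["access-control-allow-headers"]);
    const missing = unsafe.filter((n) => !allowed.includes(n) && !wild(allowed));
    if (missing.length > 0) return "blocked: header " + missing[0];
  }
  return originOk(response, req.origin, req.credentials) ? "allowed" : "blocked: response origin";
}
```

For example, `checkCors({ origin, method: "POST", headers: { "Content-Type": "application/json" }, credentials: false }, preflightHeaders, mainHeaders)` returns `"allowed"`, while the same request with `credentials: true` returns `"blocked: preflight origin"`.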