
Add CORS support for POST requests

Tan Le requested to merge support-cors into main

What does this MR do and why?

This adds Cross-Origin Resource Sharing (CORS) support for POST requests to the Model Gateway. This is required since the /completions route will also be called from frontend applications.

Implementations

Browsers will typically issue 2 requests to the Model Gateway. The new CORS settings will add the following access-control headers.

Preflight request: OPTIONS http://codesuggestions.gdk.test:5999/v2/completions

HTTP/1.1 200 OK
date: Wed, 24 May 2023 00:33:37 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-methods: POST
access-control-max-age: 600
access-control-allow-headers: content-type
content-length: 2
content-type: text/plain; charset=utf-8
x-request-id: 50ecbda3469d4beb8b584fdc261dcfbb

Main request: POST http://codesuggestions.gdk.test:5999/v2/completions

HTTP/1.1 200 OK
date: Wed, 24 May 2023 01:58:43 GMT
server: uvicorn
content-length: 251
content-type: application/json
x-process-time: 1.666336001
access-control-allow-origin: *
x-request-id: 05b7133e36884aaa819592299787c418

How to set up and validate locally

  1. Set up a loopback IP for codesuggestions.gdk.test in /etc/hosts.

    172.16.123.1 gdk.test
    172.16.123.2 codesuggestions.gdk.test
  2. Update the CSP directives as follows.

    diff --git lib/gitlab/content_security_policy/directives.rb lib/gitlab/content_security_policy/directives.rb
    index e293e5653c7d..a8ef53146afe 100644
    --- lib/gitlab/content_security_policy/directives.rb
    +++ lib/gitlab/content_security_policy/directives.rb
    @@ -8,7 +8,7 @@ module Gitlab
       module ContentSecurityPolicy
         module Directives
           def self.connect_src
    -        "'self'"
    +        "'self' http://codesuggestions.gdk.test:5999"
           end
     
           def self.frame_src
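
Review bot: In self.connect_src, the new return value hardcodes the local-only origin http://codesuggestions.gdk.test:5999 into the CSP connect-src default, so anything that ships this line would permit browser connections to a plain-http host on a fixed port in every deployment. Since the change is only needed for local validation, keep it out of committed code, or read the Model Gateway origin from configuration and append it only when it is set.
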
  3. Restart the rails-web process: gdk restart rails-web.

  4. Run a local Code Suggestions Model Gateway

    docker buildx build --platform linux/amd64 -t code-suggestions-api:dev .
    docker run --platform linux/amd64 --rm -p 5052:5052 -e TRITON_HOST=192.168.5.2 -e TRITON_PORT=8999 -v $PWD:/app -it code-suggestions-api:dev
  5. Start a local GDK instance and log in. On any page, run the following script in the Developer Console.

    fetch('http://codesuggestions.gdk.test:5999/v2/completions',  {
      method: "POST",
      headers: {
        "Content-Type": "application/json"
      },
      body: JSON.stringify({
        prompt_version: 1,
        project_path: "awesome_project",
        project_id: 23,
        current_file: {
          file_name: "main.py",
          content_above_cursor: "\"\"\"\nImplement fastapi middleware to log all incoming requests\"\"\"\n",
          content_below_cursor: "scoopy doo"
        }
      })
    })
      .then(res => res.json())
      .then(console.log)
  6. There should be no CORS issue in the response

Related to gitlab-org/gitlab-web-ide#156 (closed)

Edited by Tan Le
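
As an added example (not code from this merge request or from the Model Gateway), the following Python applies the browser's preflight decision to the preflight response headers shown under Implementations, so the headers can be validated without a browser. The header safelist is simplified and the function names are assumptions of this example.

```python
# Constructed sample: preflight response headers as shown in the MR description.
PREFLIGHT = """HTTP/1.1 200 OK
access-control-allow-origin: *
access-control-allow-methods: POST
access-control-max-age: 600
access-control-allow-headers: content-type
"""

SAFE_METHODS = {"GET", "HEAD", "POST"}
# Simplified safelist: header names, and content-type values, that need no preflight approval.
SAFE_HEADERS = {"accept", "accept-language", "content-language"}
SAFE_CONTENT_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}

def parse_response(raw):
    """Return (status code, {lower-cased header name: value})."""
    status_line, *lines = raw.strip().splitlines()
    parts = (line.partition(":") for line in lines)
    headers = {n.strip().lower(): v.strip() for n, sep, v in parts if sep}
    return int(status_line.split()[1]), headers

def tokens(value):
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def check_preflight(raw, origin, method, request_headers, credentials=False):
    """List the reasons a browser would block the main request (empty = allowed)."""
    status, h = parse_response(raw)
    problems = [] if 200 <= status <= 299 else [f"preflight status {status}"]
    allow_origin = h.get("access-control-allow-origin")
    if allow_origin == "*" and credentials:
        problems.append("wildcard origin with credentials")
    elif allow_origin not in ("*", origin):
        problems.append(f"origin {origin} not allowed")
    if credentials and h.get("access-control-allow-credentials") != "true":
        problems.append("access-control-allow-credentials is not true")
    methods = tokens(h.get("access-control-allow-methods", ""))
    wildcard_ok = not credentials  # "*" is only a wildcard when no credentials are sent
    if method.upper() not in SAFE_METHODS and method.lower() not in methods \
            and not ("*" in methods and wildcard_ok):
        problems.append(f"method {method} not allowed")
    allowed = tokens(h.get("access-control-allow-headers", ""))
    for name, value in request_headers.items():
        n = name.lower()
        safe = n in SAFE_HEADERS or (
            n == "content-type" and value.split(";")[0].strip().lower() in SAFE_CONTENT_TYPES)
        covered = n in allowed or ("*" in allowed and wildcard_ok and n != "authorization")
        if not safe and not covered:
            problems.append(f"header {name} not allowed")
    return problems
```

With these headers, a POST carrying Content-Type: application/json from any origin returns an empty list, while adding an Authorization header or passing credentials=True returns the blocking reasons.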
