refactor: remove default ACCESS_CONTROL_ALLOW_ORIGIN and `CACHE_CON…#134
Merged
Conversation
…TROL` headers for cleaner response handling - Eliminated setting default `ACCESS_CONTROL_ALLOW_ORIGIN` and `CACHE_CONTROL` headers in `app_res_headers` function. - Updated tests to reflect the new header count and removed assertions for these headers.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR refactors http-service response header handling by removing two previously hard-coded default headers (Access-Control-Allow-Origin: * and Cache-Control: no-store) so that responses only include headers explicitly configured per app.
Changes:
- Removed default
ACCESS_CONTROL_ALLOW_ORIGINandCACHE_CONTROLheaders fromapp_res_headers. - Updated HTTP executor tests to expect fewer response headers after defaults were removed.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
crates/http-service/src/lib.rs |
Removes the global default response headers from app_res_headers, changing default response header behavior. |
crates/http-service/src/executor/http.rs |
Updates tests to reflect the new (reduced) header set returned by handle_request. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -615,11 +614,6 @@ fn app_name_from_request(req: &hyper::Request<impl Body>) -> Result<AppName> { | |||
|
|
|||
| fn app_res_headers(app_cfg: App) -> HeaderMap { | |||
| let mut headers = HeaderMap::new(); | |||
| HeaderValue::from_str("*").unwrap(), | ||
| ); | ||
| headers.append(CACHE_CONTROL, HeaderValue::from_str("no-store").unwrap()); | ||
| /* if specified, add/remove/overwrite response headers */ |
qrdl
approved these changes
May 11, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
…TROL` headers for cleaner response handling
ACCESS_CONTROL_ALLOW_ORIGINandCACHE_CONTROLheaders inapp_res_headersfunction.