Better configure Access-Control-Allow-Origin on Problem Details errors

[jviotti]

Signed-off-by: Juan Cruz Viotti jv@jviotti.com

[cubic-dev-ai]

2 issues found across 16 files

<sub>Reply with feedback, questions, or to request a fix.

Re-trigger cubic</sub>

[augmentcode]

🤖 Augment PR Summary

Summary: Makes CORS handling for Problem Details (RFC 9457-style) error responses configurable instead of always using a wildcard.

Changes:

• Extends sourcemeta::one::json_error with an explicit origin parameter and uses it to set Access-Control-Allow-Origin
• Updates all callers across router actions to pass an origin (currently "*") and preserves existing Allow header behavior for 405 responses
• Updates Router::error API to accept an origin and threads it through to json_error
• Adjusts various “not found”, “method not allowed”, and “bad request” error sites to the new json_error signature

Technical Notes: This removes the implicit CORS default in json_error, forcing each error site to choose an explicit CORS scope (wildcard vs. restricted origin).

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 1 suggestion posted.

Comment augment review to trigger a new review at any time.

[augmentcode]

origin is now written directly into Access-Control-Allow-Origin; since HTTPResponse::write_header ultimately forwards to uWebSockets' writeHeader without sanitization, please make sure any non-literal origins passed here are validated/allowlisted (and can’t contain invalid characters like CR/LF). Otherwise a future caller that forwards untrusted input could accidentally widen CORS or enable response header injection.

Severity: high

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[github-actions]

Benchmark Index (community)

Details

Benchmark suite	Current: aba8104	Previous: 15dfc7c	Ratio
Add one schema (0 existing)	391 ms	318 ms	1.23
Add one schema (100 existing)	28 ms	24 ms	1.17
Add one schema (1000 existing)	82 ms	80 ms	1.02
Add one schema (10000 existing)	681 ms	941 ms	0.72
Update one schema (1 existing)	21 ms	18 ms	1.17
Update one schema (101 existing)	28 ms	24 ms	1.17
Update one schema (1001 existing)	83 ms	110 ms	0.75
Update one schema (10001 existing)	686 ms	1463 ms	0.47
Cached rebuild (1 existing)	6 ms	5 ms	1.20
Cached rebuild (101 existing)	8 ms	7 ms	1.14
Cached rebuild (1001 existing)	27 ms	25 ms	1.08
Cached rebuild (10001 existing)	241 ms	222 ms	1.09
Index 100 schemas	646 ms	633 ms	1.02
Index 1000 schemas	1589 ms	1745 ms	0.91
Index 10000 schemas	13411 ms	13799 ms	0.97
Index 10000 schemas (custom meta-schema)	141770 ms	113741 ms	1.25

This comment was automatically generated by workflow using github-action-benchmark.

[github-actions]

Benchmark Index (enterprise)

Details

Benchmark suite	Current: aba8104	Previous: 15dfc7c	Ratio
Add one schema (0 existing)	391 ms	383 ms	1.02
Add one schema (100 existing)	33 ms	32 ms	1.03
Add one schema (1000 existing)	92 ms	89 ms	1.03
Add one schema (10000 existing)	939 ms	901 ms	1.04
Update one schema (1 existing)	25 ms	24 ms	1.04
Update one schema (101 existing)	33 ms	31 ms	1.06
Update one schema (1001 existing)	91 ms	91 ms	1
Update one schema (10001 existing)	754 ms	717 ms	1.05
Cached rebuild (1 existing)	7 ms	7 ms	1
Cached rebuild (101 existing)	10 ms	9 ms	1.11
Cached rebuild (1001 existing)	30 ms	30 ms	1
Cached rebuild (10001 existing)	242 ms	242 ms	1
Index 100 schemas	687 ms	674 ms	1.02
Index 1000 schemas	1658 ms	1662 ms	1.00
Index 10000 schemas	13858 ms	13748 ms	1.01
Index 10000 schemas (custom meta-schema)	146273 ms	143840 ms	1.02

This comment was automatically generated by workflow using github-action-benchmark.