chore: add prometheus timing to latency endpoint (#7742)

* chore: Prometheus timing to latency endpoint
2025-07-06 15:41:45 +00:00 · 2023-06-06 10:26:13 -05:00
parent 944c42dcb6
commit 72f59950f2
4 changed files with 14 additions and 22 deletions
--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@ -405,6 +405,7 @@ func New(options *Options) *API {
 	derpHandler := derphttp.Handler(api.DERPServer)
 	derpHandler, api.derpCloseFunc = tailnet.WithWebsocketSupport(api.DERPServer, derpHandler)
 	cors := httpmw.Cors(options.DeploymentValues.Dangerous.AllowAllCors.Value())
+	prometheusMW := httpmw.Prometheus(options.PrometheusRegistry)

 	r.Use(
 		cors,
@ -414,7 +415,7 @@ func New(options *Options) *API {
 		httpmw.AttachRequestID,
 		httpmw.ExtractRealIP(api.RealIPConfig),
 		httpmw.Logger(api.Logger),
-		httpmw.Prometheus(options.PrometheusRegistry),
+		prometheusMW,
 		// SubdomainAppMW checks if the first subdomain is a valid app URL. If
 		// it is, it will serve that application.
 		//
@ -826,7 +827,7 @@ func New(options *Options) *API {
 	// This is the only route we add before all the middleware.
 	// We want to time the latency of the request, so any middleware will
 	// interfere with that timing.
-	rootRouter.Get("/latency-check", cors(LatencyCheck(options.DeploymentValues.Dangerous.AllowAllCors.Value(), api.AccessURL)).ServeHTTP)
+	rootRouter.Get("/latency-check", tracing.StatusWriterMiddleware(prometheusMW(LatencyCheck())).ServeHTTP)
 	rootRouter.Mount("/", r)
 	api.RootHandler = rootRouter

--- a/coderd/latencycheck.go
+++ b/coderd/latencycheck.go
@ -2,8 +2,6 @@ package coderd

 import (
 	"net/http"
-	"net/url"
-	"strings"
 )

 // LatencyCheck is an endpoint for the web ui to measure latency with.
@ -11,22 +9,17 @@ import (
 // only be set in dev modes.
 //
 //nolint:revive
-func LatencyCheck(allowAll bool, allowedOrigins ...*url.URL) http.HandlerFunc {
-	allowed := make([]string, 0, len(allowedOrigins))
-	for _, origin := range allowedOrigins {
-		// Allow the origin without a path
-		tmp := *origin
-		tmp.Path = ""
-		allowed = append(allowed, strings.TrimSuffix(origin.String(), "/"))
-	}
-	if allowAll {
-		allowed = append(allowed, "*")
-	}
-	origins := strings.Join(allowed, ",")
+func LatencyCheck() http.HandlerFunc {
 	return func(rw http.ResponseWriter, r *http.Request) {
 		// Allowing timing information to be shared. This allows the browser
 		// to exclude TLS handshake timing.
-		rw.Header().Set("Timing-Allow-Origin", origins)
+		rw.Header().Set("Timing-Allow-Origin", "*")
+		// Always allow all CORs on this route.
+		rw.Header().Set("Access-Control-Allow-Origin", "*")
+		rw.Header().Set("Access-Control-Allow-Headers", "*")
+		rw.Header().Set("Access-Control-Allow-Credentials", "false")
+		rw.Header().Set("Access-Control-Allow-Methods", "*")
 		rw.WriteHeader(http.StatusOK)
+		_, _ = rw.Write([]byte("OK"))
 	}
 }