chore: add prometheus timing to latency endpoint (#7742)

* chore: Prometheus timing to latency endpoint

coderd/coderd.go

@@ -405,6 +405,7 @@ func New(options *Options) *API {
 	derpHandler := derphttp.Handler(api.DERPServer)
 	derpHandler, api.derpCloseFunc = tailnet.WithWebsocketSupport(api.DERPServer, derpHandler)
 	cors := httpmw.Cors(options.DeploymentValues.Dangerous.AllowAllCors.Value())
+	prometheusMW := httpmw.Prometheus(options.PrometheusRegistry)
 
 	r.Use(
 		cors,
@@ -414,7 +415,7 @@ func New(options *Options) *API {
 		httpmw.AttachRequestID,
 		httpmw.ExtractRealIP(api.RealIPConfig),
 		httpmw.Logger(api.Logger),
-		httpmw.Prometheus(options.PrometheusRegistry),
+		prometheusMW,
 		// SubdomainAppMW checks if the first subdomain is a valid app URL. If
 		// it is, it will serve that application.
 		//
@@ -826,7 +827,7 @@ func New(options *Options) *API {
 	// This is the only route we add before all the middleware.
 	// We want to time the latency of the request, so any middleware will
 	// interfere with that timing.
-	rootRouter.Get("/latency-check", cors(LatencyCheck(options.DeploymentValues.Dangerous.AllowAllCors.Value(), api.AccessURL)).ServeHTTP)
+	rootRouter.Get("/latency-check", tracing.StatusWriterMiddleware(prometheusMW(LatencyCheck())).ServeHTTP)
 	rootRouter.Mount("/", r)
 	api.RootHandler = rootRouter
 

coderd/latencycheck.go

@@ -2,8 +2,6 @@ package coderd
 
 import (
 	"net/http"
-	"net/url"
-	"strings"
 )
 
 // LatencyCheck is an endpoint for the web ui to measure latency with.
@@ -11,22 +9,17 @@ import (
 // only be set in dev modes.
 //
 //nolint:revive
-func LatencyCheck(allowAll bool, allowedOrigins ...*url.URL) http.HandlerFunc {
+func LatencyCheck() http.HandlerFunc {
-	allowed := make([]string, 0, len(allowedOrigins))
-	for _, origin := range allowedOrigins {
-		// Allow the origin without a path
-		tmp := *origin
-		tmp.Path = ""
-		allowed = append(allowed, strings.TrimSuffix(origin.String(), "/"))
-	}
-	if allowAll {
-		allowed = append(allowed, "*")
-	}
-	origins := strings.Join(allowed, ",")
 	return func(rw http.ResponseWriter, r *http.Request) {
 		// Allowing timing information to be shared. This allows the browser
 		// to exclude TLS handshake timing.
-		rw.Header().Set("Timing-Allow-Origin", origins)
+		rw.Header().Set("Timing-Allow-Origin", "*")
+		// Always allow all CORs on this route.
+		rw.Header().Set("Access-Control-Allow-Origin", "*")
+		rw.Header().Set("Access-Control-Allow-Headers", "*")
+		rw.Header().Set("Access-Control-Allow-Credentials", "false")
+		rw.Header().Set("Access-Control-Allow-Methods", "*")
 		rw.WriteHeader(http.StatusOK)
+		_, _ = rw.Write([]byte("OK"))
 	}
 }

enterprise/wsproxy/wsproxy.go

@@ -193,6 +193,7 @@ func New(ctx context.Context, opts *Options) (*Server, error) {
 	// The primary coderd dashboard needs to make some GET requests to
 	// the workspace proxies to check latency.
 	corsMW := httpmw.Cors(opts.AllowAllCors, opts.DashboardURL.String())
+	prometheusMW := httpmw.Prometheus(s.PrometheusRegistry)
 
 	// Routes
 	apiRateLimiter := httpmw.RateLimit(opts.APIRateLimit, time.Minute)
@@ -205,7 +206,7 @@ func New(ctx context.Context, opts *Options) (*Server, error) {
 		httpmw.AttachRequestID,
 		httpmw.ExtractRealIP(s.Options.RealIPConfig),
 		httpmw.Logger(s.Logger),
-		httpmw.Prometheus(s.PrometheusRegistry),
+		prometheusMW,
 		corsMW,
 
 		// HandleSubdomain is a middleware that handles all requests to the
@@ -258,7 +259,7 @@ func New(ctx context.Context, opts *Options) (*Server, error) {
 	// See coderd/coderd.go for why we need this.
 	rootRouter := chi.NewRouter()
 	// Make sure to add the cors middleware to the latency check route.
-	rootRouter.Get("/latency-check", corsMW(coderd.LatencyCheck(opts.AllowAllCors, s.DashboardURL, s.AppServer.AccessURL)).ServeHTTP)
+	rootRouter.Get("/latency-check", tracing.StatusWriterMiddleware(prometheusMW(coderd.LatencyCheck())).ServeHTTP)
 	rootRouter.Mount("/", r)
 	s.Handler = rootRouter
 

site/src/contexts/useProxyLatency.ts

@@ -140,9 +140,6 @@ export const useProxyLatency = (
     const proxyRequests = Object.keys(proxyChecks).map((latencyURL) => {
       return axios.get(latencyURL, {
         withCredentials: false,
-        // Must add a custom header to make the request not a "simple request"
-        // https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests
-        headers: { "X-LATENCY-CHECK": "true" },
       })
     })