Query Frontend: Set CORS header

[hwoarang]

Set CORS to the query frontend component in order to be able
to freely access it from Grafana's living elsewhere.

Signed-off-by: Markos Chandras markos@chandras.me

• I added CHANGELOG entry for this change.
• Change is not relevant to the end user.

Changes

Set Access-Control-Allow-Origin Header to Query Frontend

Verification

• make test-e2e-local
• Tested also with local grafana connected to a local Thanos frontend using our internal Thanos querier and everything worked fine. No CORS errors anymore.

[GiedriusS]

Does this also work when you use POST? Because we have:

var corsHeaders = map[string]string{
	"Access-Control-Allow-Headers":  "Accept, Accept-Encoding, Authorization, Content-Type, Origin",
	"Access-Control-Allow-Methods":  "GET, OPTIONS",
	"Access-Control-Allow-Origin":   "*",
	"Access-Control-Expose-Headers": "Date",
}

[hwoarang]

Does this also work when you use POST? Because we have:

var corsHeaders = map[string]string{
	"Access-Control-Allow-Headers":  "Accept, Accept-Encoding, Authorization, Content-Type, Origin",
	"Access-Control-Allow-Methods":  "GET, OPTIONS",
	"Access-Control-Allow-Origin":   "*",
	"Access-Control-Expose-Headers": "Date",
}

@GiedriusS that's an interesting question. I wonder how it works right now with Querier. I am looking into this.

[hwoarang]

Even now (thanos 0.16), POST is not allowed from what I see

~$ curl -X POST --head https://thanos.XXXX
HTTP/1.1 405 Method Not Allowed
Allow: GET, OPTIONS
Content-Type: text/plain; charset=utf-8
Date: Thu, 05 Nov 2020 16:43:36 GMT
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Length: 19
Connection: keep-alive

🤔

[hwoarang]

make test-e2e-local fails randomly but I do not thin it's related to this PR. I believe the test-e2e test failure here is similar.

[bwplotka]

One suggestion and LGTM (:

[bwplotka]

LGTM, thanks!