fix moved value error

.github/workflows/verify_runner_perf.yml

@@ -1,99 +0,0 @@
-name: verify runner performance with sysbench
-
-on:
-  # uncomment to run on push for debugging your PR
-  push:
-    branches: [ 'bodobolero/sysbench_4_perf_runner' ]
-  workflow_dispatch:
-    inputs:
-      runner_labels_json:
-        description: JSON array of runner labels to test (e.g. ["small-amd64","large-amd64"]) 
-        required: false
-        default: '["unit-perf-aws-arm"]'
-
-defaults:
-  run:
-    shell: bash -euxo pipefail {0}
-
-concurrency:
-  group: sysbench-runner-perf
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-jobs:
-  sysbench:
-    strategy:
-      fail-fast: false
-      matrix:
-        runner: ${{ fromJSON((github.event_name == 'workflow_dispatch' && inputs.runner_labels_json != '' && inputs.runner_labels_json) || '["unit-perf-aws-arm"]') }}
-    permissions:
-      id-token: write # aws-actions/configure-aws-credentials
-      statuses: write
-      contents: write
-      pull-requests: write
-    runs-on: ${{ matrix.runner }}
-    timeout-minutes: 120
-    container:
-      image: ghcr.io/neondatabase/build-tools:pinned-bookworm
-      credentials:
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-      # for changed limits, see comments on `options:` earlier in this file
-      options: --init --shm-size=512mb --ulimit memlock=67108864:67108864 --ulimit nofile=65536:65536 --security-opt seccomp=unconfined
-
-    steps:
-      - name: Checkout sysbench source
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          repository: akopytov/sysbench
-          ref: master
-          path: sysbench
-
-      - name: Build sysbench
-        run: |
-          cd "$GITHUB_WORKSPACE/sysbench"
-          ./autogen.sh
-          ./configure --without-mysql
-          make -j"$(nproc || sysctl -n hw.ncpu || echo 2)"
-          ./src/sysbench --version
-
-      - name: sysbench io prepare
-        run: |
-          "$GITHUB_WORKSPACE/sysbench/src/sysbench" fileio \
-            --file-total-size=2G \
-            --file-test-mode=rndrw \
-            --file-extra-flags=direct \
-            --file-fsync-freq=0 \
-            --threads=4 \
-            --time=60 prepare
-
-      - name: sysbench io run
-        run: |
-          "$GITHUB_WORKSPACE/sysbench/src/sysbench" fileio \
-            --file-total-size=2G \
-            --file-test-mode=rndrw \
-            --file-extra-flags=direct \
-            --file-fsync-freq=0 \
-            --threads=4 \
-            --time=60 run
-
-      - name: sysbench cpu
-        run: |
-          "$GITHUB_WORKSPACE/sysbench/src/sysbench" cpu \
-            --cpu-max-prime=200000 \
-            --threads=8 \
-            --time=60 run
-
-      - name: sysbench memory
-        run: |
-          "$GITHUB_WORKSPACE/sysbench/src/sysbench" memory \
-            --memory-block-size=1M \
-            --memory-total-size=0 \
-            --threads=8 \
-            --time=60 \
-            --memory-oper=write \
-            run
-
-

proxy/src/serverless/rest.rs

@@ -8,7 +8,7 @@ use http::Method;
 use http::header::{
     ACCESS_CONTROL_ALLOW_HEADERS, ACCESS_CONTROL_ALLOW_METHODS, ACCESS_CONTROL_ALLOW_ORIGIN,
     ACCESS_CONTROL_EXPOSE_HEADERS, ACCESS_CONTROL_MAX_AGE, ACCESS_CONTROL_REQUEST_HEADERS, ALLOW,
-    AUTHORIZATION, CONTENT_TYPE, HOST, ORIGIN,
+    AUTHORIZATION, CONTENT_TYPE, HOST, ORIGIN, VARY,
 };
 use http_body_util::combinators::BoxBody;
 use http_body_util::{BodyExt, Empty, Full};
@@ -81,6 +81,7 @@ const ACCESS_CONTROL_EXPOSE_HEADERS_VALUE: HeaderValue = HeaderValue::from_stati
     "Content-Encoding, Content-Location, Content-Range, Content-Type, Date, Location, Server, Transfer-Encoding, Range-Unit",
 );
 const ACCESS_CONTROL_ALLOW_HEADERS_VALUE: HeaderValue = HeaderValue::from_static("Authorization");
+const ACCESS_CONTROL_VARY_VALUE: HeaderValue = HeaderValue::from_static("Origin");
 
 // A wrapper around the DbSchema that allows for self-referencing
 #[self_referencing]
@@ -753,6 +754,8 @@ fn apply_common_cors_headers(
                 None
             }
         }
+        // FIXME!: on the first request, when we don't have a cached entry for the config,
+        // allowed_origins is None, so we allow all origins for now but we should fix this
         (Some(_), None) => Some(HEADER_VALUE_ALLOW_ALL_ORIGINS),
         _ => None,
     };
@@ -762,6 +765,9 @@ fn apply_common_cors_headers(
             ACCESS_CONTROL_EXPOSE_HEADERS_VALUE,
         );
         if let Some(origin) = response_allow_origin {
+            if origin != HEADER_VALUE_ALLOW_ALL_ORIGINS {
+                h.insert(VARY, ACCESS_CONTROL_VARY_VALUE);
+            }
             h.insert(ACCESS_CONTROL_ALLOW_ORIGIN, origin);
         }
     }