From d67a7ce0ca8afbd02a8768a63e24dff84ed762f2 Mon Sep 17 00:00:00 2001
From: Radical <radical@radical.fun>
Date: Fri, 18 Jul 2025 12:00:28 +0200
Subject: [PATCH] fix: try explicitly setting methods and headers

---
 src/main.rs | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index 9624d18..baf4a61 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,5 +1,5 @@
 use argon2::Argon2;
-use axum::Router;
+use axum::{http::header, Router};
 use clap::Parser;
 use diesel_async::pooled_connection::AsyncDieselConnectionManager;
 use diesel_async::pooled_connection::deadpool::Pool;
@@ -131,16 +131,22 @@ async fn main() -> Result<(), Error> {
         .allow_origin(AllowOrigin::predicate(|_origin, _request_head| {
             true
         }))
-        // Allow any method
-        .allow_methods(AllowMethods::mirror_request())
-        // Allow any headers
-        .allow_headers(AllowHeaders::mirror_request())
-        /*
-        vec![
-            "content-type".parse().unwrap(),
-            "authorization".parse().unwrap(),
-        ]
-        */
+        .allow_methods(AllowMethods::list([
+            "GET".parse().unwrap(),
+            "POST".parse().unwrap(),
+            "PUT".parse().unwrap(),
+            "PATCH".parse().unwrap(),
+            "DELETE".parse().unwrap(), 
+            "OPTIONS".parse().unwrap(),
+        ]))
+        .allow_headers(AllowHeaders::list([
+            header::AUTHORIZATION,
+            header::CONTENT_TYPE,
+            header::ORIGIN,
+            header::ACCEPT,
+            header::COOKIE,
+            "x-requested-with".parse().unwrap(),
+        ]))
         // Allow credentials
         .allow_credentials(true);