From c0f2948b760029314b87b94fc920852365edadac Mon Sep 17 00:00:00 2001
From: SauceyRed
Date: Tue, 6 May 2025 00:41:23 +0200
Subject: [PATCH] feat: implement cors

---
 Cargo.toml | 1 +
 src/main.rs | 30 ++++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/Cargo.toml b/Cargo.toml
index e34d9b6..aca7977 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -9,6 +9,7 @@ lto = true
 codegen-units = 1
 
 [dependencies]
+actix-cors = "0.7.1"
 actix-web = "4.10"
 argon2 = { version = "0.5.3", features = ["std"] }
 clap = { version = "4.5.37", features = ["derive"] }
diff --git a/src/main.rs b/src/main.rs
index 36fa6ba..48b1c4a 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,3 +1,4 @@
+use actix_cors::Cors;
 use actix_web::{App, HttpServer, web};
 use argon2::Argon2;
 use clap::Parser;
@@ -86,9 +87,38 @@ async fn main() -> Result<(), Error> {
 start_time: SystemTime::now(),
 };
 
+
 HttpServer::new(move || {
+ // Set CORS headers
+ let cors = Cors::default()
+ /*
+ Set Allowed-Control-Allow-Origin header to whatever
+ the request's Origin header is. Must be done like this
+ rather than setting it to "*" due to CORS not allowing
+ sending of credentials (cookies) with wildcard origin.
+ */
+ .allowed_origin_fn(|_origin, _req_head| {
+ true
+ })
+ /*
+ Allows any request method in CORS preflight requests.
+ This will be restricted to only ones actually in use later.
+ */
+ .allow_any_method()
+ /*
+ Allows any header(s) in request in CORS preflight requests.
+ This wll be restricted to only ones actually in use later.
+ */
+ .allow_any_header()
+ /*
+ Allows browser to include cookies in requests.
+ This is needed for receiving the secure HttpOnly refresh_token cookie.
+ */
+ .supports_credentials();
+
 App::new()
 .app_data(web::Data::new(data.clone()))
+ .wrap(cors)
 .service(api::web())
 })
 .bind((web.url, web.port))?
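Review bot: The `.allowed_origin_fn(|_origin, _req_head| { true })` closure in the `src/main.rs` hunk approves every Origin, and combined with `.supports_credentials()` it lets any website issue cookie-bearing requests to this API and read the responses. That is the exposure the wildcard-with-credentials restriction named in the comment is there to prevent. Match the origin against a configured allowlist instead, for example one `.allowed_origin("https://frontend.example.invalid")` call (placeholder value) per trusted front-end, or an `allowed_origin_fn` that compares `origin` with entries loaded from configuration. Whether the `refresh_token` cookie is actually sent cross-site also depends on its SameSite attribute, which is set outside this hunk, so the real impact should be confirmed there. In the comments, the header is `Access-Control-Allow-Origin` rather than `Allowed-Control-Allow-Origin`, and `wll` should read `will`; `main` begins and ends outside the hunk.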