Cargo.toml

@@ -9,7 +9,6 @@ lto = true
 codegen-units = 1
 
 [dependencies]
-actix-cors = "0.7.1"
 actix-web = "4.10"
 argon2 = { version = "0.5.3", features = ["std"] }
 clap = { version = "4.5.37", features = ["derive"] }

src/main.rs

@@ -1,4 +1,3 @@
-use actix_cors::Cors;
 use actix_web::{App, HttpServer, web};
 use argon2::Argon2;
 use clap::Parser;
@@ -87,38 +86,9 @@ async fn main() -> Result<(), Error> {
         start_time: SystemTime::now(),
     };
 
-    
     HttpServer::new(move || {
-        // Set CORS headers
-        let cors = Cors::default()
-            /*
-                Set Allowed-Control-Allow-Origin header to whatever
-                the request's Origin header is. Must be done like this
-                rather than setting it to "*" due to CORS not allowing
-                sending of credentials (cookies) with wildcard origin.
-            */
-            .allowed_origin_fn(|_origin, _req_head| {
-                true
-            })
-            /*
-                Allows any request method in CORS preflight requests.
-                This will be restricted to only ones actually in use later.
-            */
-            .allow_any_method()
-            /*
-                Allows any header(s) in request in CORS preflight requests.
-                This wll be restricted to only ones actually in use later.
-            */
-            .allow_any_header()
-            /*
-                Allows browser to include cookies in requests.
-                This is needed for receiving the secure HttpOnly refresh_token cookie.
-            */
-            .supports_credentials();
-
         App::new()
             .app_data(web::Data::new(data.clone()))
-            .wrap(cors)
             .service(api::web())
     })
     .bind((web.url, web.port))?