blah/blahrs
1
0
Fork 0
mirror of https://github.com/Blah-IM/blahrs.git synced 2025-05-01 08:41:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Explicitly allow Authorization header for CORS

Browse source 
It would not be included when just allow `*`.
This commit is contained in:
oxalica 2024-09-03 02:00:55 -04:00
parent b05f704406
commit a9d5eb9631
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
blahd/src/main.rs
View file

@ -156,12 +156,15 @@ async fn main_async(st: AppState) -> Result<()> {
.route("/room/:ruuid/item", get(room_get_item).post(room_post_item)) .route("/room/:ruuid/item", get(room_get_item).post(room_post_item))
.route("/room/:ruuid/admin", post(room_admin)) .route("/room/:ruuid/admin", post(room_admin))
.with_state(st.clone()) .with_state(st.clone())
// NB. This comes at last (outmost layer), so inner errors will still be wrapped with
// correct CORS headers.
.layer(tower_http::limit::RequestBodyLimitLayer::new( .layer(tower_http::limit::RequestBodyLimitLayer::new(
st.config.server.max_request_len, st.config.server.max_request_len,
)) ))
.layer(tower_http::cors::CorsLayer::permissive()); // NB. This comes at last (outmost layer), so inner errors will still be wrapped with
// correct CORS headers. Also `Authorization` must be explicitly included besides `*`.
.layer(
tower_http::cors::CorsLayer::permissive()
.allow_headers([header::HeaderName::from_static("*"), header::AUTHORIZATION]),
);
let listener = tokio::net::TcpListener::bind(&st.config.server.listen) let listener = tokio::net::TcpListener::bind(&st.config.server.listen)
.await .await