mirror of
https://github.com/dani-garcia/vaultwarden
synced 2024-12-15 01:53:43 +01:00
Initial version of CORS support
This commit is contained in:
parent
7dcf18151d
commit
16d88402cb
2 changed files with 37 additions and 1 deletions
|
@ -250,7 +250,8 @@ fn launch_rocket() {
|
||||||
let rocket = rocket
|
let rocket = rocket
|
||||||
.manage(db::init_pool())
|
.manage(db::init_pool())
|
||||||
.manage(api::start_notification_server())
|
.manage(api::start_notification_server())
|
||||||
.attach(util::AppHeaders());
|
.attach(util::AppHeaders())
|
||||||
|
.attach(util::CORS());
|
||||||
|
|
||||||
// Launch and print error if there is one
|
// Launch and print error if there is one
|
||||||
// The launch will restore the original logging level
|
// The launch will restore the original logging level
|
||||||
|
|
35
src/util.rs
35
src/util.rs
|
@ -4,6 +4,8 @@
|
||||||
use rocket::fairing::{Fairing, Info, Kind};
|
use rocket::fairing::{Fairing, Info, Kind};
|
||||||
use rocket::response::{self, Responder};
|
use rocket::response::{self, Responder};
|
||||||
use rocket::{Request, Response};
|
use rocket::{Request, Response};
|
||||||
|
use rocket::http::{Header, ContentType, Method};
|
||||||
|
use std::io::Cursor;
|
||||||
|
|
||||||
pub struct AppHeaders();
|
pub struct AppHeaders();
|
||||||
|
|
||||||
|
@ -31,6 +33,39 @@ impl Fairing for AppHeaders {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
pub struct CORS();
|
||||||
|
|
||||||
|
impl Fairing for CORS {
|
||||||
|
fn info(&self) -> Info {
|
||||||
|
Info {
|
||||||
|
name: "Add CORS headers to requests",
|
||||||
|
kind: Kind::Response
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn on_response(&self, request: &Request, response: &mut Response) {
|
||||||
|
// We need to explictly get the Origin header for Access-Control-Allow-Origin
|
||||||
|
let origin = match request.headers().get_one("Origin") {
|
||||||
|
Some(h) => h.to_string(),
|
||||||
|
_ => "".to_string(),
|
||||||
|
};
|
||||||
|
|
||||||
|
if request.method() == Method::Options || response.content_type() == Some(ContentType::JSON) {
|
||||||
|
// Requests with credentials need explicit values since they do not allow wildcards.
|
||||||
|
response.set_header(Header::new("Access-Control-Allow-Origin", origin));
|
||||||
|
response.set_header(Header::new("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH"));
|
||||||
|
response.set_header(Header::new("Access-Control-Allow-Headers", "*, Authorization"));
|
||||||
|
response.set_header(Header::new("Access-Control-Allow-Credentials", "true"));
|
||||||
|
}
|
||||||
|
|
||||||
|
if request.method() == Method::Options {
|
||||||
|
response.set_header(ContentType::Plain);
|
||||||
|
response.set_sized_body(Cursor::new(""));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
pub struct Cached<R>(R, &'static str);
|
pub struct Cached<R>(R, &'static str);
|
||||||
|
|
||||||
impl<R> Cached<R> {
|
impl<R> Cached<R> {
|
||||||
|
|
Loading…
Reference in a new issue