summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSanto Cariotti <santo@dcariotti.me>2022-11-21 08:43:07 +0100
committerSanto Cariotti <santo@dcariotti.me>2022-11-21 11:14:53 +0100
commit7d661b657bbc31062e90b1a9c2bd8666627c2e07 (patch)
treea2576da3ca2f548f8bc753e5e5e4d99c1bf88795
parented6e98137754f168480e0700063b01f14dd4f240 (diff)
Add CORS rules
-rw-r--r--server/Cargo.toml2
-rw-r--r--server/src/main.rs22
2 files changed, 20 insertions, 4 deletions
diff --git a/server/Cargo.toml b/server/Cargo.toml
index f5cf075..8bceb99 100644
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@@ -15,7 +15,7 @@ serde_json = "1.0"
tokio = { version = "1.20", features = ["full"] }
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
-tower-http = { version = "0.3.4", features = ["trace", "compression-br", "propagate-header", "sensitive-headers"] }
+tower-http = { version = "0.3.4", features = ["trace", "cors", "compression-br", "propagate-header", "sensitive-headers"] }
sqlx = { version = "0.6", features = [ "runtime-tokio-rustls", "postgres" ] }
sha256 = "1.0.3"
validator = { version = "0.16.0", features = ["derive"] }
diff --git a/server/src/main.rs b/server/src/main.rs
index 4a211fd..7da56d6 100644
--- a/server/src/main.rs
+++ b/server/src/main.rs
@@ -5,12 +5,16 @@ mod models;
mod routes;
use axum::{
- http::{header, Request},
+ http::{header, Method, Request},
Router,
};
use std::time::Duration;
-use tower_http::sensitive_headers::SetSensitiveHeadersLayer;
-use tower_http::{classify::ServerErrorsFailureClass, trace::TraceLayer};
+use tower_http::{
+ classify::ServerErrorsFailureClass,
+ cors::{Any, CorsLayer},
+ sensitive_headers::SetSensitiveHeadersLayer,
+ trace::TraceLayer,
+};
use tracing::Span;
/// Main application, called by the execution of the software
@@ -57,4 +61,16 @@ async fn create_app() -> Router {
},
),
)
+ .layer(
+ CorsLayer::new()
+ .allow_methods([
+ Method::OPTIONS,
+ Method::GET,
+ Method::POST,
+ Method::PUT,
+ Method::DELETE,
+ ])
+ .allow_headers(vec![header::CONTENT_TYPE, header::AUTHORIZATION])
+ .allow_origin(Any),
+ )
}