diff options
author | Vika <vika@fireburn.ru> | 2021-07-27 01:45:45 +0300 |
---|---|---|
committer | Vika <vika@fireburn.ru> | 2021-07-27 01:47:59 +0300 |
commit | fce70776e7cb53e25416e4c3b3e18c249611434c (patch) | |
tree | 60e9a7c26643fdf0d7fa200b327a0451905e887a | |
parent | 758fe3ef8baa68e71f766ae5499dfa6988d0d72a (diff) | |
download | kittybox-fce70776e7cb53e25416e4c3b3e18c249611434c.tar.zst |
Added CORS middleware
This prevents Micropub requests fired from web apps on other domains from being blocked by overzealous browsers.
-rw-r--r-- | src/lib.rs | 2 | ||||
-rw-r--r-- | src/micropub/mod.rs | 21 |
2 files changed, 23 insertions, 0 deletions
diff --git a/src/lib.rs b/src/lib.rs index d39aa5e..398c3b2 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -5,6 +5,7 @@ mod frontend; mod indieauth; mod micropub; +use crate::micropub::CORSMiddleware; use crate::indieauth::IndieAuthMiddleware; #[derive(Clone)] @@ -29,6 +30,7 @@ where Storage: database::Storage + Send + Sync + Clone, { app.at("/micropub") + .with(CORSMiddleware {}) .with(IndieAuthMiddleware::new()) .get(micropub::get_handler) .post(micropub::post_handler); diff --git a/src/micropub/mod.rs b/src/micropub/mod.rs index 68a3134..84b9083 100644 --- a/src/micropub/mod.rs +++ b/src/micropub/mod.rs @@ -4,3 +4,24 @@ pub mod post; pub use get::get_handler; pub use post::normalize_mf2; pub use post::post_handler; + +pub struct CORSMiddleware {} + +use async_trait::async_trait; +use tide::{Next, Request, Result}; +use crate::database; +use crate::ApplicationState; + +#[async_trait] +impl<B> tide::Middleware<ApplicationState<B>> for CORSMiddleware +where + B: database::Storage + Send + Sync + Clone, +{ + async fn handle(&self, req: Request<ApplicationState<B>>, next: Next<'_, ApplicationState<B>>) -> Result { + let mut res = next.run(req).await; + + res.insert_header("Access-Control-Allow-Origin", "*"); + + Ok(res) + } +} |