about summary refs log tree commit diff
path: root/src
diff options
context:
space:
mode:
authorVika <vika@fireburn.ru>2021-07-27 01:45:45 +0300
committerVika <vika@fireburn.ru>2021-07-27 01:47:59 +0300
commitfce70776e7cb53e25416e4c3b3e18c249611434c (patch)
tree60e9a7c26643fdf0d7fa200b327a0451905e887a /src
parent758fe3ef8baa68e71f766ae5499dfa6988d0d72a (diff)
downloadkittybox-fce70776e7cb53e25416e4c3b3e18c249611434c.tar.zst
Added CORS middleware
This prevents Micropub requests fired from web apps on other domains
from being blocked by overzealous browsers.
Diffstat (limited to 'src')
-rw-r--r--src/lib.rs2
-rw-r--r--src/micropub/mod.rs21
2 files changed, 23 insertions, 0 deletions
diff --git a/src/lib.rs b/src/lib.rs
index d39aa5e..398c3b2 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -5,6 +5,7 @@ mod frontend;
 mod indieauth;
 mod micropub;
 
+use crate::micropub::CORSMiddleware;
 use crate::indieauth::IndieAuthMiddleware;
 
 #[derive(Clone)]
@@ -29,6 +30,7 @@ where
     Storage: database::Storage + Send + Sync + Clone,
 {
     app.at("/micropub")
+        .with(CORSMiddleware {})
         .with(IndieAuthMiddleware::new())
         .get(micropub::get_handler)
         .post(micropub::post_handler);
diff --git a/src/micropub/mod.rs b/src/micropub/mod.rs
index 68a3134..84b9083 100644
--- a/src/micropub/mod.rs
+++ b/src/micropub/mod.rs
@@ -4,3 +4,24 @@ pub mod post;
 pub use get::get_handler;
 pub use post::normalize_mf2;
 pub use post::post_handler;
+
+pub struct CORSMiddleware {}
+
+use async_trait::async_trait;
+use tide::{Next, Request, Result};
+use crate::database;
+use crate::ApplicationState;
+
+#[async_trait]
+impl<B> tide::Middleware<ApplicationState<B>> for CORSMiddleware
+where
+    B: database::Storage + Send + Sync + Clone,
+{
+    async fn handle(&self, req: Request<ApplicationState<B>>, next: Next<'_, ApplicationState<B>>) -> Result {
+        let mut res = next.run(req).await;
+
+        res.insert_header("Access-Control-Allow-Origin", "*");
+
+        Ok(res)
+    }
+}