From fce70776e7cb53e25416e4c3b3e18c249611434c Mon Sep 17 00:00:00 2001
From: Vika <vika@fireburn.ru>
Date: Tue, 27 Jul 2021 01:45:45 +0300
Subject: Added CORS middleware

This prevents Micropub requests fired from web apps on other domains
from being blocked by overzealous browsers.
---
 src/lib.rs          |  2 ++
 src/micropub/mod.rs | 21 +++++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/src/lib.rs b/src/lib.rs
index d39aa5e..398c3b2 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -5,6 +5,7 @@ mod frontend;
 mod indieauth;
 mod micropub;
 
+use crate::micropub::CORSMiddleware;
 use crate::indieauth::IndieAuthMiddleware;
 
 #[derive(Clone)]
@@ -29,6 +30,7 @@ where
     Storage: database::Storage + Send + Sync + Clone,
 {
     app.at("/micropub")
+        .with(CORSMiddleware {})
         .with(IndieAuthMiddleware::new())
         .get(micropub::get_handler)
         .post(micropub::post_handler);
diff --git a/src/micropub/mod.rs b/src/micropub/mod.rs
index 68a3134..84b9083 100644
--- a/src/micropub/mod.rs
+++ b/src/micropub/mod.rs
@@ -4,3 +4,24 @@ pub mod post;
 pub use get::get_handler;
 pub use post::normalize_mf2;
 pub use post::post_handler;
+
+pub struct CORSMiddleware {}
+
+use async_trait::async_trait;
+use tide::{Next, Request, Result};
+use crate::database;
+use crate::ApplicationState;
+
+#[async_trait]
+impl<B> tide::Middleware<ApplicationState<B>> for CORSMiddleware
+where
+    B: database::Storage + Send + Sync + Clone,
+{
+    async fn handle(&self, req: Request<ApplicationState<B>>, next: Next<'_, ApplicationState<B>>) -> Result {
+        let mut res = next.run(req).await;
+
+        res.insert_header("Access-Control-Allow-Origin", "*");
+
+        Ok(res)
+    }
+}
-- 
cgit 1.4.1