From fce70776e7cb53e25416e4c3b3e18c249611434c Mon Sep 17 00:00:00 2001 From: Vika Date: Tue, 27 Jul 2021 01:45:45 +0300 Subject: Added CORS middleware This prevents Micropub requests fired from web apps on other domains from being blocked by overzealous browsers. --- src/lib.rs | 2 ++ src/micropub/mod.rs | 21 +++++++++++++++++++++ 2 files changed, 23 insertions(+) (limited to 'src') diff --git a/src/lib.rs b/src/lib.rs index d39aa5e..398c3b2 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -5,6 +5,7 @@ mod frontend; mod indieauth; mod micropub; +use crate::micropub::CORSMiddleware; use crate::indieauth::IndieAuthMiddleware; #[derive(Clone)] @@ -29,6 +30,7 @@ where Storage: database::Storage + Send + Sync + Clone, { app.at("/micropub") + .with(CORSMiddleware {}) .with(IndieAuthMiddleware::new()) .get(micropub::get_handler) .post(micropub::post_handler); diff --git a/src/micropub/mod.rs b/src/micropub/mod.rs index 68a3134..84b9083 100644 --- a/src/micropub/mod.rs +++ b/src/micropub/mod.rs @@ -4,3 +4,24 @@ pub mod post; pub use get::get_handler; pub use post::normalize_mf2; pub use post::post_handler; + +pub struct CORSMiddleware {} + +use async_trait::async_trait; +use tide::{Next, Request, Result}; +use crate::database; +use crate::ApplicationState; + +#[async_trait] +impl tide::Middleware> for CORSMiddleware +where + B: database::Storage + Send + Sync + Clone, +{ + async fn handle(&self, req: Request>, next: Next<'_, ApplicationState>) -> Result { + let mut res = next.run(req).await; + + res.insert_header("Access-Control-Allow-Origin", "*"); + + Ok(res) + } +} -- cgit 1.4.1