commit d821389c2e838c1533bc9e1f5757a5c5719b05e0
parent e7b8602e1f20e0c31327b3aee122a79c08b7282b
Author: Daniel GarcĂa <dani-garcia@users.noreply.github.com>
Date: Sat, 5 Oct 2019 16:09:33 +0200
Merge pull request #639 from vverst/cors-update
Change CORS headers
Diffstat:
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/src/util.rs b/src/util.rs
@@ -42,6 +42,13 @@ impl CORS {
_ => "".to_string(),
}
}
+
+ fn valid_url(url: String) -> String {
+ match url.as_ref() {
+ "file://" => "*".to_string(),
+ _ => url,
+ }
+ }
}
impl Fairing for CORS {
@@ -56,21 +63,17 @@ impl Fairing for CORS {
let req_headers = request.headers();
// We need to explicitly get the Origin header for Access-Control-Allow-Origin
- let req_allow_origin = CORS::get_header(&req_headers, "Origin");
+ let req_allow_origin = CORS::valid_url(CORS::get_header(&req_headers, "Origin"));
- let req_allow_headers = CORS::get_header(&req_headers, "Access-Control-Request-Headers");
+ response.set_header(Header::new("Access-Control-Allow-Origin", req_allow_origin));
- let req_allow_method = CORS::get_header(&req_headers,"Access-Control-Request-Method");
+ if request.method() == Method::Options {
+ let req_allow_headers = CORS::get_header(&req_headers, "Access-Control-Request-Headers");
+ let req_allow_method = CORS::get_header(&req_headers,"Access-Control-Request-Method");
- if request.method() == Method::Options || response.content_type() == Some(ContentType::JSON) {
- // Requests with credentials need explicit values since they do not allow wildcards.
- response.set_header(Header::new("Access-Control-Allow-Origin", req_allow_origin));
response.set_header(Header::new("Access-Control-Allow-Methods", req_allow_method));
response.set_header(Header::new("Access-Control-Allow-Headers", req_allow_headers));
response.set_header(Header::new("Access-Control-Allow-Credentials", "true"));
- }
-
- if request.method() == Method::Options {
response.set_status(Status::Ok);
response.set_header(ContentType::Plain);
response.set_sized_body(Cursor::new(""));
