add cors control

2024-08-30 18:12:39 +00:00 · 2021-09-04 16:32:34 +08:00 · 2021-09-04 16:32:34 +08:00 · 36c044173d
commit 36c044173d
parent f4ef9bc5f8
4 changed files with 21 additions and 1 deletions
--- a/backend/Cargo.toml
+++ b/backend/Cargo.toml
@ -17,7 +17,7 @@ actix-rt = "2"
 actix-web-actors = { version = "4.0.0-beta.6" }
 actix-service = "2.0.0-beta.5"
 actix-identity = "0.4.0-beta.2"
-#actix-cors = "0.5.4"
+actix-cors = "0.6.0-beta.2"

 futures = "0.3.15"
 bytes = "1"
--- a/backend/src/application.rs
+++ b/backend/src/application.rs
@ -53,6 +53,7 @@ pub fn run(listener: TcpListener, app_ctx: AppContext) -> Result<Server, std::io
        App::new()
            .wrap(middleware::Logger::default())
            .wrap(identify_service(&domain, &secret))
+            .wrap(crate::middleware::default_cors())
            .wrap(crate::middleware::AuthenticationService)
            .app_data(web::JsonConfig::default().limit(4096))
            .service(ws_scope())
--- a/backend/src/middleware/cors_middleware.rs
+++ b/backend/src/middleware/cors_middleware.rs
@ -0,0 +1,17 @@
+use actix_cors::Cors;
+use actix_web::http;
+use flowy_net::config::HEADER_TOKEN;
+
+// https://javascript.info/fetch-crossorigin#cors-for-safe-requests
+// https://docs.rs/actix-cors/0.5.4/actix_cors/index.html
+// http://www.ruanyifeng.com/blog/2016/04/cors.html
+// Cors short for Cross-Origin Resource Sharing.
+pub fn default_cors() -> Cors {
+    Cors::default() // allowed_origin return access-control-allow-origin: * by default
+        // .allowed_origin("http://127.0.0.1:8080")
+        .send_wildcard()
+        .allowed_methods(vec!["GET", "POST", "PUT", "DELETE"])
+        .allowed_headers(vec![http::header::ACCEPT])
+        .allowed_header(http::header::CONTENT_TYPE)
+        .max_age(3600)
+}
--- a/backend/src/middleware/mod.rs
+++ b/backend/src/middleware/mod.rs
@ -1,3 +1,5 @@
 mod auth_middleware;
+mod cors_middleware;

 pub use auth_middleware::*;
+pub use cors_middleware::*;