From fb61f5ba6676f981c6f0cd205dbf9295ef71f65f Mon Sep 17 00:00:00 2001 From: trivernis Date: Thu, 17 Sep 2020 15:23:05 +0200 Subject: [PATCH] Add CORS handling Set the Access-Allow-Origin-Header to * when the environment variable ENABLE_CORS is set to true. Signed-off-by: trivernis --- src/server/http_server.rs | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/server/http_server.rs b/src/server/http_server.rs index be7e795..53ecd30 100644 --- a/src/server/http_server.rs +++ b/src/server/http_server.rs @@ -10,6 +10,7 @@ use std::io::Read; const LISTEN_ADDRESS: &str = "HTTP_SERVER_ADDRESS"; const DEFAULT_LISTEN_ADDRESS: &str = "127.0.0.1:8080"; +const ENV_ENABLE_CORS: &str = "ENABLE_CORS"; /// The HTTP server of the user management that provides a /// REST api for login and requesting tokens @@ -71,7 +72,7 @@ impl UserHttpServer { dotenv::var(LISTEN_ADDRESS).unwrap_or(DEFAULT_LISTEN_ADDRESS.to_string()); let database = Database::clone(&self.database); let server = Server::new(&listen_address, move |request| { - router!(request, + let mut response = router!(request, (POST) (/login) => { Self::login(&database, request).unwrap_or_else(HTTPError::into) }, @@ -82,7 +83,13 @@ impl UserHttpServer { Self::logout(&database, request).unwrap_or_else(HTTPError::into) }, _ => Response::empty_404() - ) + ); + + if dotenv::var(ENV_ENABLE_CORS).unwrap_or("false".to_string()) == "true" { + response = response.with_additional_header("Access-Control-Allow-Origin", "*"); + } + + response }) .unwrap(); log::info!("HTTP-Server running on {}", listen_address);