Adding cors_origin to settings. Fixes #3665 (#4095)

* Adding cors_origin to settings. Fixes #3665

* Fix result to option.

* Forgot to update config defaults.

* Setting a cors origin doku default.

* Adding comments for CORS.
move_env_vars_to_utils
Dessalines 2023-10-25 10:46:34 -04:00 committed by GitHub
parent 64b00ee850
commit 1b751a8cac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 13 additions and 2 deletions

View File

@ -86,4 +86,7 @@
bind: "127.0.0.1"
port: 10002
}
# Sets a response Access-Control-Allow-Origin CORS header
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
cors_origin: "*"
}

View File

@ -49,6 +49,11 @@ pub struct Settings {
#[default(None)]
#[doku(example = "Some(Default::default())")]
pub prometheus: Option<PrometheusConfig>,
/// Sets a response Access-Control-Allow-Origin CORS header
/// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
#[default(None)]
#[doku(example = "*")]
pub cors_origin: Option<String>,
}
#[derive(Debug, Deserialize, Serialize, Clone, SmartDefault, Document)]

View File

@ -282,11 +282,14 @@ fn create_http_server(
let context: LemmyContext = federation_config.deref().clone();
let rate_limit_cell = federation_config.rate_limit_cell().clone();
let self_origin = settings.get_protocol_and_hostname();
let cors_origin_setting = settings.cors_origin;
// Create Http server with websocket support
let server = HttpServer::new(move || {
let cors_origin = env::var("LEMMY_CORS_ORIGIN");
let cors_origin = env::var("LEMMY_CORS_ORIGIN")
.ok()
.or(cors_origin_setting.clone());
let cors_config = match (cors_origin, cfg!(debug_assertions)) {
(Ok(origin), false) => Cors::default()
(Some(origin), false) => Cors::default()
.allowed_origin(&origin)
.allowed_origin(&self_origin),
_ => Cors::default()