mirror of
https://github.com/LemmyNet/lemmy.git
synced 2025-03-13 15:02:44 +00:00
* Allow setting multiple values for cors_origin (fixes #5198) * fmt * mention env var
This commit is contained in:
Nutomic
GitHub
parent
012e8c3085
commit
aa3f4f07e3
3 changed files with 20 additions and 25 deletions
|
|
@ -110,7 +110,11 @@
|
||||||
bind: "127.0.0.1"
|
bind: "127.0.0.1"
|
||||||
port: 10002
|
port: 10002
|
||||||
}
|
}
|
||||||
# Sets a response Access-Control-Allow-Origin CORS header
|
# Sets a response Access-Control-Allow-Origin CORS header. Can also be set via environment:
|
||||||
|
# `LEMMY_CORS_ORIGIN=example.org,site.com`
|
||||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
|
||||||
cors_origin: "lemmy.tld"
|
cors_origin: [
|
||||||
|
"lemmy.tld"
|
||||||
|
/* ... */
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -9,30 +9,19 @@ pub fn cors_config(settings: &Settings) -> Cors {
|
||||||
let self_origin = settings.get_protocol_and_hostname();
|
let self_origin = settings.get_protocol_and_hostname();
|
||||||
let cors_origin_setting = settings.cors_origin();
|
let cors_origin_setting = settings.cors_origin();
|
||||||
|
|
||||||
// A default setting for either wildcard, or None
|
let mut cors = Cors::default()
|
||||||
let cors_default = Cors::default()
|
|
||||||
.allow_any_origin()
|
|
||||||
.allow_any_method()
|
.allow_any_method()
|
||||||
.allow_any_header()
|
.allow_any_header()
|
||||||
.expose_any_header()
|
.expose_any_header()
|
||||||
.max_age(3600);
|
.max_age(3600);
|
||||||
|
|
||||||
match (cors_origin_setting.clone(), cfg!(debug_assertions)) {
|
if cfg!(debug_assertions) || cors_origin_setting.contains(&"*".to_string()) {
|
||||||
(Some(origin), false) => {
|
cors = cors.allow_any_origin();
|
||||||
// Need to call send_wildcard() explicitly, passing this into allowed_origin() results in
|
} else {
|
||||||
// error
|
cors = cors.allowed_origin(&self_origin);
|
||||||
if origin == "*" {
|
for c in cors_origin_setting {
|
||||||
cors_default
|
cors = cors.allowed_origin(&c);
|
||||||
} else {
|
|
||||||
Cors::default()
|
|
||||||
.allowed_origin(&origin)
|
|
||||||
.allowed_origin(&self_origin)
|
|
||||||
.allow_any_method()
|
|
||||||
.allow_any_header()
|
|
||||||
.expose_any_header()
|
|
||||||
.max_age(3600)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
_ => cors_default,
|
|
||||||
}
|
}
|
||||||
|
cors
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -44,17 +44,19 @@ pub struct Settings {
|
||||||
// Prometheus configuration.
|
// Prometheus configuration.
|
||||||
#[doku(example = "Some(Default::default())")]
|
#[doku(example = "Some(Default::default())")]
|
||||||
pub prometheus: Option<PrometheusConfig>,
|
pub prometheus: Option<PrometheusConfig>,
|
||||||
/// Sets a response Access-Control-Allow-Origin CORS header
|
/// Sets a response Access-Control-Allow-Origin CORS header. Can also be set via environment:
|
||||||
|
/// `LEMMY_CORS_ORIGIN=example.org,site.com`
|
||||||
/// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
|
/// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
|
||||||
#[doku(example = "lemmy.tld")]
|
#[doku(example = "lemmy.tld")]
|
||||||
cors_origin: Option<String>,
|
cors_origin: Vec<String>,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Settings {
|
impl Settings {
|
||||||
pub fn cors_origin(&self) -> Option<String> {
|
pub fn cors_origin(&self) -> Vec<String> {
|
||||||
env::var("LEMMY_CORS_ORIGIN")
|
env::var("LEMMY_CORS_ORIGIN")
|
||||||
.ok()
|
.ok()
|
||||||
.or(self.cors_origin.clone())
|
.map(|e| e.split(',').map(ToString::to_string).collect())
|
||||||
|
.unwrap_or(self.cors_origin.clone())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue