From 92f24d4c1161ba5fa0ca25eb9556ff1f3f57242f Mon Sep 17 00:00:00 2001
From: phoenix
Date: Mon, 29 Sep 2025 17:48:49 -0400
Subject: [PATCH] CORS support
---
 src/main.rs | 39 +++++++++++++++++++++++++++------------
 1 file changed, 27 insertions(+), 12 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index edaf8ad..24f2c22 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -51,32 +51,47 @@ mod init {
 // use axum::routing::get;
 // use axum::routing::Router;
- pub fn configure_cors() -> tower_http::cors::CorsLayer {
+ pub async fn configure_cors() -> tower_http::cors::CorsLayer {
 // Start building the CORS layer with common settings
 let cors = tower_http::cors::CorsLayer::new()
- .allow_methods([axum::http::Method::GET, axum::http::Method::POST, axum::http::Method::PUT, axum::http::Method::DELETE]) // Specify allowed methods:cite[2]
- .allow_headers([axum::http::header::CONTENT_TYPE, axum::http::header::AUTHORIZATION]) // Specify allowed headers:cite[2]
+ .allow_methods([
+ axum::http::Method::GET,
+ axum::http::Method::POST,
+ axum::http::Method::PUT,
+ axum::http::Method::DELETE,
+ ]) // Specify allowed methods:cite[2]
+ .allow_headers([
+ axum::http::header::CONTENT_TYPE,
+ axum::http::header::AUTHORIZATION,
+ ]) // Specify allowed headers:cite[2]
 .allow_credentials(true) // If you need to send cookies or authentication headers:cite[2]
 .max_age(std::time::Duration::from_secs(3600)); // Cache the preflight response for 1 hour:cite[2]
 // Dynamically set the allowed origin based on the environment
- match std::env::var("ENVIRONMENT").as_deref() {
+ match std::env::var(icarus_envy::keys::APP_ENV).as_deref() {
 Ok("production") => {
 // In production, allow only your specific, trusted origins
+ let allowed_origins_env = icarus_envy::environment::get_allowed_origins().await;
+ // let allowed_origins: Vec = allowed_origins_env.split(",").map(|s| s.to_string()).collect();
+ let allowed_origins: Vec = allowed_origins_env.split(",").map(|s| s.parse::().unwrap()).collect();
+ cors.allow_origin(allowed_origins)
+ // cors.allow_origin(vec![""])
+ /*
 cors.allow_origin(vec![
- "https://www.your-production-domain.com".parse::().unwrap(),
+ "https://www.your-production-domain.com"
+ .parse::()
+ .unwrap(),
 "https://your-production-domain.com".parse().unwrap(),
 ])
- }
- Ok("staging") => {
- // Staging environment
- cors.allow_origin("https://staging.your-domain.com".parse::().unwrap())
+ */
 }
 _ => {
 // Development (default): Allow localhost origins
 cors.allow_origin(vec![
- "http://localhost:3000".parse().unwrap(),
- "http://127.0.0.1:3000".parse().unwrap(),
+ "http://localhost:8000".parse().unwrap(),
+ "http://127.0.0.1:8000".parse().unwrap(),
+ "http://localhost:4200".parse().unwrap(),
+ "http://127.0.0.1:4200".parse().unwrap(),
 ])
 }
 }
@@ -110,7 +125,7 @@ mod init {
 callers::endpoints::REFRESH_TOKEN,
 post(callers::login::endpoint::refresh_token),
 )
- .layer(cors::configure_cors())
+ .layer(cors::configure_cors().await)
 }
 pub async fn app() -> Router {
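Review bot: In the `Ok("production")` arm of the first hunk, the added `allowed_origins_env.split(",").map(|s| s.parse::().unwrap())` line takes each piece of the setting verbatim: a list written with spaces after the commas keeps the leading space, so that entry never equals a browser's `Origin` header, an empty value or trailing comma yields an empty-string origin, and a malformed entry panics at startup without naming the setting. Trim and drop empty entries before parsing and replace `unwrap()` with an `expect` that names the setting, as in the fence below; the page has lost the angle-bracket type arguments (`Vec =`, `parse::()`), so `axum::http::HeaderValue` there is assumed. With the `Ok("staging")` arm removed, every `APP_ENV` value other than exactly `production` (unset, misspelled, or staging) now gets the localhost list while `allow_credentials(true)` stays on, so logging the selected mode or rejecting unknown values would make a misconfigured deployment visible. The closing brace of `configure_cors` lies outside the hunk.

```rust
let allowed_origins_env = icarus_envy::environment::get_allowed_origins().await;
let allowed_origins: Vec<axum::http::HeaderValue> = allowed_origins_env
    .split(',')
    .map(str::trim)
    .filter(|origin| !origin.is_empty())
    .map(|origin| {
        origin
            .parse()
            .expect("allowed-origins setting contains an invalid origin")
    })
    .collect();
// … unchanged: cors.allow_origin(allowed_origins), development arm …
```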