topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Set correct response headers, status code

pull/599/head
vpl 5 years ago
parent
16d88402cb
commit
5a2f968d7a
1 changed files with 22 additions and 10 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 32
      src/util.rs

32
src/util.rs
View File

@ -4,7 +4,7 @@
use rocket::fairing::{Fairing, Info, Kind};
use rocket::response::{self, Responder};
use rocket::{Request, Response};
use rocket::http::{Header, ContentType, Method};
use rocket::http::{Header, HeaderMap, ContentType, Method, Status};
use std::io::Cursor;
pub struct AppHeaders();
@ -33,9 +33,17 @@ impl Fairing for AppHeaders {
}
}
pub struct CORS();
impl CORS {
fn get_header(headers: &HeaderMap, name: &str) -> String {
match headers.get_one(name) {
Some(h) => h.to_string(),
_ => "".to_string(),
}
}
}
impl Fairing for CORS {
fn info(&self) -> Info {
Info {
@ -45,21 +53,25 @@ impl Fairing for CORS {
}
fn on_response(&self, request: &Request, response: &mut Response) {
// We need to explictly get the Origin header for Access-Control-Allow-Origin
let origin = match request.headers().get_one("Origin") {
Some(h) => h.to_string(),
_ => "".to_string(),
};
let req_headers = request.headers();
// We need to explicitly get the Origin header for Access-Control-Allow-Origin
let req_allow_origin = CORS::get_header(&req_headers, "Origin");
let req_allow_headers = CORS::get_header(&req_headers, "Access-Control-Request-Headers");
let req_allow_methods =CORS::get_header(&req_headers,"Access-Control-Request-Methods");
if request.method() == Method::Options || response.content_type() == Some(ContentType::JSON) {
// Requests with credentials need explicit values since they do not allow wildcards.
response.set_header(Header::new("Access-Control-Allow-Origin", origin));
response.set_header(Header::new("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH"));
response.set_header(Header::new("Access-Control-Allow-Headers", "*, Authorization"));
response.set_header(Header::new("Access-Control-Allow-Origin", req_allow_origin));
response.set_header(Header::new("Access-Control-Allow-Methods", req_allow_methods));
response.set_header(Header::new("Access-Control-Allow-Headers", req_allow_headers));
response.set_header(Header::new("Access-Control-Allow-Credentials", "true"));
}
if request.method() == Method::Options {
response.set_status(Status::Ok);
response.set_header(ContentType::Plain);
response.set_sized_body(Cursor::new(""));
}

Write Preview
Loading…
Cancel
Save