mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2025-01-14 16:25:03 -05:00
Set correct response headers, status code
This commit is contained in:
parent
16d88402cb
commit
5a2f968d7a
32
src/util.rs
32
src/util.rs
@ -4,7 +4,7 @@
|
|||||||
use rocket::fairing::{Fairing, Info, Kind};
|
use rocket::fairing::{Fairing, Info, Kind};
|
||||||
use rocket::response::{self, Responder};
|
use rocket::response::{self, Responder};
|
||||||
use rocket::{Request, Response};
|
use rocket::{Request, Response};
|
||||||
use rocket::http::{Header, ContentType, Method};
|
use rocket::http::{Header, HeaderMap, ContentType, Method, Status};
|
||||||
use std::io::Cursor;
|
use std::io::Cursor;
|
||||||
|
|
||||||
pub struct AppHeaders();
|
pub struct AppHeaders();
|
||||||
@ -33,9 +33,17 @@ impl Fairing for AppHeaders {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
pub struct CORS();
|
pub struct CORS();
|
||||||
|
|
||||||
|
impl CORS {
|
||||||
|
fn get_header(headers: &HeaderMap, name: &str) -> String {
|
||||||
|
match headers.get_one(name) {
|
||||||
|
Some(h) => h.to_string(),
|
||||||
|
_ => "".to_string(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
impl Fairing for CORS {
|
impl Fairing for CORS {
|
||||||
fn info(&self) -> Info {
|
fn info(&self) -> Info {
|
||||||
Info {
|
Info {
|
||||||
@ -45,21 +53,25 @@ impl Fairing for CORS {
|
|||||||
}
|
}
|
||||||
|
|
||||||
fn on_response(&self, request: &Request, response: &mut Response) {
|
fn on_response(&self, request: &Request, response: &mut Response) {
|
||||||
// We need to explictly get the Origin header for Access-Control-Allow-Origin
|
let req_headers = request.headers();
|
||||||
let origin = match request.headers().get_one("Origin") {
|
|
||||||
Some(h) => h.to_string(),
|
// We need to explicitly get the Origin header for Access-Control-Allow-Origin
|
||||||
_ => "".to_string(),
|
let req_allow_origin = CORS::get_header(&req_headers, "Origin");
|
||||||
};
|
|
||||||
|
let req_allow_headers = CORS::get_header(&req_headers, "Access-Control-Request-Headers");
|
||||||
|
|
||||||
|
let req_allow_methods =CORS::get_header(&req_headers,"Access-Control-Request-Methods");
|
||||||
|
|
||||||
if request.method() == Method::Options || response.content_type() == Some(ContentType::JSON) {
|
if request.method() == Method::Options || response.content_type() == Some(ContentType::JSON) {
|
||||||
// Requests with credentials need explicit values since they do not allow wildcards.
|
// Requests with credentials need explicit values since they do not allow wildcards.
|
||||||
response.set_header(Header::new("Access-Control-Allow-Origin", origin));
|
response.set_header(Header::new("Access-Control-Allow-Origin", req_allow_origin));
|
||||||
response.set_header(Header::new("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH"));
|
response.set_header(Header::new("Access-Control-Allow-Methods", req_allow_methods));
|
||||||
response.set_header(Header::new("Access-Control-Allow-Headers", "*, Authorization"));
|
response.set_header(Header::new("Access-Control-Allow-Headers", req_allow_headers));
|
||||||
response.set_header(Header::new("Access-Control-Allow-Credentials", "true"));
|
response.set_header(Header::new("Access-Control-Allow-Credentials", "true"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if request.method() == Method::Options {
|
if request.method() == Method::Options {
|
||||||
|
response.set_status(Status::Ok);
|
||||||
response.set_header(ContentType::Plain);
|
response.set_header(ContentType::Plain);
|
||||||
response.set_sized_body(Cursor::new(""));
|
response.set_sized_body(Cursor::new(""));
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user