Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F32159701
D15351.1765038983.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Flag For Later
Award Token
Size
1 KB
Referenced Files
None
Subscribers
None
D15351.1765038983.diff
View Options
diff --git a/shared/comm-lib/src/http.rs b/shared/comm-lib/src/http.rs
--- a/shared/comm-lib/src/http.rs
+++ b/shared/comm-lib/src/http.rs
@@ -2,11 +2,24 @@
pub mod auth_service;
pub mod multipart;
+use std::collections::HashSet;
+
use crate::tools::BoxedError;
use actix_cors::Cors;
use actix_web::web::Bytes;
use futures_core::Stream;
+use once_cell::sync::Lazy;
+
+static ALLOWED_ORIGINS: Lazy<HashSet<String>> = Lazy::new(|| {
+ std::env::var("ALLOW_ORIGIN_LIST")
+ .unwrap_or_default()
+ .split(',')
+ .map(|it| it.trim().to_string())
+ .filter(|it| !it.is_empty())
+ .collect()
+});
+
pub fn cors_config(is_sandbox: bool) -> Cors {
// For local development, use relaxed CORS config
if is_sandbox {
@@ -18,6 +31,10 @@
Cors::default()
.allowed_origin("https://web.comm.app")
.allowed_origin("https://comm.software")
+ .allowed_origin_fn(|origin_header, _| match origin_header.to_str() {
+ Ok(origin) => ALLOWED_ORIGINS.contains(origin),
+ _ => false,
+ })
// for local development using prod service
.allowed_origin("http://localhost:3000")
.allowed_methods(vec!["GET", "POST", "PUT", "DELETE", "OPTIONS"])
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sat, Dec 6, 4:36 PM (22 h, 18 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
5839315
Default Alt Text
D15351.1765038983.diff (1 KB)
Attached To
Mode
D15351: [comm-lib] Read CORS allow-origin from env
Attached
Detach File
Event Timeline
Log In to Comment