vividboarder/bitwarden_rs
1
0
Fork 0
mirror of https://github.com/ViViDboarder/bitwarden_rs.git synced 2024-11-22 21:26:38 +00:00
Code Issues Releases Wiki Activity

Set correct response headers, status code

Browse Source
This commit is contained in:
vpl 2019-09-02 21:13:12 +02:00
parent 16d88402cb
commit 5a2f968d7a
1 changed files with 22 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/util.rs
View File

@ -4,7 +4,7 @@
use rocket::fairing::{Fairing, Info, Kind}; use rocket::fairing::{Fairing, Info, Kind};
use rocket::response::{self, Responder}; use rocket::response::{self, Responder};
use rocket::{Request, Response}; use rocket::{Request, Response};
use rocket::http::{Header, ContentType, Method}; use rocket::http::{Header, HeaderMap, ContentType, Method, Status};
use std::io::Cursor; use std::io::Cursor;
pub struct AppHeaders(); pub struct AppHeaders();
@ -33,9 +33,17 @@ impl Fairing for AppHeaders {
} }
} }
pub struct CORS(); pub struct CORS();
impl CORS {
fn get_header(headers: &HeaderMap, name: &str) -> String {
match headers.get_one(name) {
Some(h) => h.to_string(),
_ => "".to_string(),
}
}
}
impl Fairing for CORS { impl Fairing for CORS {
fn info(&self) -> Info { fn info(&self) -> Info {
Info { Info {
@ -45,21 +53,25 @@ impl Fairing for CORS {
} }
fn on_response(&self, request: &Request, response: &mut Response) { fn on_response(&self, request: &Request, response: &mut Response) {
// We need to explictly get the Origin header for Access-Control-Allow-Origin let req_headers = request.headers();
let origin = match request.headers().get_one("Origin") {
Some(h) => h.to_string(), // We need to explicitly get the Origin header for Access-Control-Allow-Origin
_ => "".to_string(), let req_allow_origin = CORS::get_header(&req_headers, "Origin");
};
let req_allow_headers = CORS::get_header(&req_headers, "Access-Control-Request-Headers");
let req_allow_methods =CORS::get_header(&req_headers,"Access-Control-Request-Methods");
if request.method() == Method::Options || response.content_type() == Some(ContentType::JSON) { if request.method() == Method::Options || response.content_type() == Some(ContentType::JSON) {
// Requests with credentials need explicit values since they do not allow wildcards. // Requests with credentials need explicit values since they do not allow wildcards.
response.set_header(Header::new("Access-Control-Allow-Origin", origin)); response.set_header(Header::new("Access-Control-Allow-Origin", req_allow_origin));
response.set_header(Header::new("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH")); response.set_header(Header::new("Access-Control-Allow-Methods", req_allow_methods));
response.set_header(Header::new("Access-Control-Allow-Headers", "*, Authorization")); response.set_header(Header::new("Access-Control-Allow-Headers", req_allow_headers));
response.set_header(Header::new("Access-Control-Allow-Credentials", "true")); response.set_header(Header::new("Access-Control-Allow-Credentials", "true"));
} }
if request.method() == Method::Options { if request.method() == Method::Options {
response.set_status(Status::Ok);
response.set_header(ContentType::Plain); response.set_header(ContentType::Plain);
response.set_sized_body(Cursor::new("")); response.set_sized_body(Cursor::new(""));
} }