Allow cross-origin requests

Co-authored-by: diamondburned <diamond@arikawa-hi.me>
2023-06-29 22:35:20 -07:00 · 2023-06-29 22:35:20 -07:00 · 0163d11c70
commit 0163d11c70
parent ff47d97bd3
1 changed files with 10 additions and 6 deletions
--- a/src/lib.rs
+++ b/src/lib.rs
@ -136,13 +136,17 @@ pub async fn start_lemmy_server() -> Result<(), LemmyError> {

  // Create Http server with websocket support
  HttpServer::new(move || {
-    let cors_config = if cfg!(debug_assertions) {
-      Cors::permissive()
-    } else {
-      let cors_origin = std::env::var("LEMMY_CORS_ORIGIN").unwrap_or("http://localhost".into());
-      Cors::default()
+    let cors_origin = std::env::var("LEMMY_CORS_ORIGIN");
+    let cors_config = match cors_origin {
+      Ok(cors_origin) => Cors::default()
        .allowed_origin(&cors_origin)
-        .allowed_origin(&settings.get_protocol_and_hostname())
+        .allowed_origin(&settings.get_protocol_and_hostname()),
+      Err(_) => Cors::default()
+        .allow_any_origin()
+        .allow_any_method()
+        .allow_any_header()
+        .expose_any_header()
+        .max_age(3600),
    };

    App::new()