move CORS fixing

lucat1 · Dec 28, 2023 · 39cf1ad · 39cf1ad
1 parent 8f55b35
commit 39cf1ad
Showing 1 changed file with 14 additions and 3 deletions.
diff --git a/server/src/api/mod.rs b/server/src/api/mod.rs
@@ -7,15 +7,18 @@ pub mod jsonapi;
 mod tempo;
 
 use axum::{
-    http::header::{ACCEPT, AUTHORIZATION, CONTENT_TYPE},
+    http::{
+        header::{ACCEPT, AUTHORIZATION, CONTENT_TYPE},
+        Method,
+    },
     Router,
 };
 use base::database::get_database;
 pub use error::Error;
 use eyre::Result;
 use sea_orm::DbConn;
 use tower_http::{
-    cors::{AllowOrigin, Any, CorsLayer},
+    cors::{AllowOrigin, CorsLayer},
     trace::TraceLayer,
 };
 
@@ -24,8 +27,16 @@ pub struct AppState(pub DbConn);
 
 pub fn router() -> Result<Router> {
     let cors = CorsLayer::new()
-        .allow_methods(Any)
+        .allow_methods([
+            Method::OPTIONS,
+            Method::HEAD,
+            Method::GET,
+            Method::POST,
+            Method::PUT,
+            Method::PATCH,
+        ])
         .allow_origin(AllowOrigin::mirror_request())
+        .allow_credentials(true)
         .allow_headers([AUTHORIZATION, ACCEPT, CONTENT_TYPE]);
     let tracing = TraceLayer::new_for_http();
     let conn = get_database()?.clone();