From 39cf1ade6f35352eb6d92a27e65c29ed6d5e81c4 Mon Sep 17 00:00:00 2001
From: Luca <luca@teapot.ovh>
Date: Thu, 28 Dec 2023 11:46:09 +0100
Subject: [PATCH] move CORS fixing

---
 server/src/api/mod.rs | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/server/src/api/mod.rs b/server/src/api/mod.rs
index 7caf02e..32d534d 100644
--- a/server/src/api/mod.rs
+++ b/server/src/api/mod.rs
@@ -7,7 +7,10 @@ pub mod jsonapi;
 mod tempo;
 
 use axum::{
-    http::header::{ACCEPT, AUTHORIZATION, CONTENT_TYPE},
+    http::{
+        header::{ACCEPT, AUTHORIZATION, CONTENT_TYPE},
+        Method,
+    },
     Router,
 };
 use base::database::get_database;
@@ -15,7 +18,7 @@ pub use error::Error;
 use eyre::Result;
 use sea_orm::DbConn;
 use tower_http::{
-    cors::{AllowOrigin, Any, CorsLayer},
+    cors::{AllowOrigin, CorsLayer},
     trace::TraceLayer,
 };
 
@@ -24,8 +27,16 @@ pub struct AppState(pub DbConn);
 
 pub fn router() -> Result<Router> {
     let cors = CorsLayer::new()
-        .allow_methods(Any)
+        .allow_methods([
+            Method::OPTIONS,
+            Method::HEAD,
+            Method::GET,
+            Method::POST,
+            Method::PUT,
+            Method::PATCH,
+        ])
         .allow_origin(AllowOrigin::mirror_request())
+        .allow_credentials(true)
         .allow_headers([AUTHORIZATION, ACCEPT, CONTENT_TYPE]);
     let tracing = TraceLayer::new_for_http();
     let conn = get_database()?.clone();