	Set correct response headers, status code
										32
									
								
								src/util.rs
									
									
									
									
									
								
							
							
						
						
									
										32
									
								
								src/util.rs
									
									
									
									
									
								
							| @@ -4,7 +4,7 @@ | ||||
| use rocket::fairing::{Fairing, Info, Kind}; | ||||
| use rocket::response::{self, Responder}; | ||||
| use rocket::{Request, Response}; | ||||
| use rocket::http::{Header, ContentType, Method}; | ||||
| use rocket::http::{Header, HeaderMap, ContentType, Method, Status}; | ||||
| use std::io::Cursor; | ||||
|  | ||||
| pub struct AppHeaders(); | ||||
| @@ -33,9 +33,17 @@ impl Fairing for AppHeaders { | ||||
|     } | ||||
| } | ||||
|  | ||||
|  | ||||
| pub struct CORS(); | ||||
|  | ||||
| impl CORS { | ||||
|     fn get_header(headers: &HeaderMap, name: &str) -> String { | ||||
|         match headers.get_one(name) { | ||||
|             Some(h) => h.to_string(), | ||||
|             _ => "".to_string(), | ||||
|         } | ||||
|     } | ||||
| } | ||||
|  | ||||
| impl Fairing for CORS { | ||||
|     fn info(&self) -> Info { | ||||
|         Info { | ||||
| @@ -45,21 +53,25 @@ impl Fairing for CORS { | ||||
|     } | ||||
|  | ||||
|     fn on_response(&self, request: &Request, response: &mut Response) { | ||||
|         // We need to explictly get the Origin header for Access-Control-Allow-Origin | ||||
|         let origin = match request.headers().get_one("Origin") { | ||||
|             Some(h) => h.to_string(), | ||||
|             _ => "".to_string(), | ||||
|         }; | ||||
|         let req_headers = request.headers(); | ||||
|  | ||||
|         // We need to explicitly get the Origin header for Access-Control-Allow-Origin | ||||
|         let req_allow_origin = CORS::get_header(&req_headers, "Origin"); | ||||
|  | ||||
|         let req_allow_headers = CORS::get_header(&req_headers, "Access-Control-Request-Headers"); | ||||
|  | ||||
|         let req_allow_methods =CORS::get_header(&req_headers,"Access-Control-Request-Methods"); | ||||
|  | ||||
|         if request.method() == Method::Options || response.content_type() == Some(ContentType::JSON) { | ||||
|             // Requests with credentials need explicit values since they do not allow wildcards. | ||||
|             response.set_header(Header::new("Access-Control-Allow-Origin", origin)); | ||||
|             response.set_header(Header::new("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH")); | ||||
|             response.set_header(Header::new("Access-Control-Allow-Headers", "*, Authorization")); | ||||
|             response.set_header(Header::new("Access-Control-Allow-Origin", req_allow_origin)); | ||||
|             response.set_header(Header::new("Access-Control-Allow-Methods", req_allow_methods)); | ||||
|             response.set_header(Header::new("Access-Control-Allow-Headers", req_allow_headers)); | ||||
|             response.set_header(Header::new("Access-Control-Allow-Credentials", "true")); | ||||
|         } | ||||
|  | ||||
|         if request.method() == Method::Options { | ||||
|             response.set_status(Status::Ok); | ||||
|             response.set_header(ContentType::Plain); | ||||
|             response.set_sized_body(Cursor::new("")); | ||||
|         } | ||||
|   | ||||
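Review bot: The new `req_allow_methods` line reads the request header `Access-Control-Request-Methods`, but the preflight header browsers actually send is the singular `Access-Control-Request-Method`, so `req_allow_methods` will be empty and the preflight response will carry an empty `Access-Control-Allow-Methods`, which should make non-simple methods such as PUT and DELETE fail the CORS check; it should be `let req_allow_methods = CORS::get_header(&req_headers, "Access-Control-Request-Method");`. Reflecting the request's Origin into `Access-Control-Allow-Origin` while also setting `Access-Control-Allow-Credentials: true` allows every origin to make credentialed requests, and reflecting `Access-Control-Request-Headers` approves whatever header list the client asks for; if that is intentional because clients authenticate with a bearer token rather than cookies, a comment stating that assumption would help the next reader, and any response that reflects Origin should also carry `response.set_header(Header::new("Vary", "Origin"));` so a shared cache never serves one origin's reflected value to another. When no Origin header is present the code still emits empty `Access-Control-Allow-Origin`/`-Headers`/`-Methods` values, so guarding the whole CORS block with `if !req_allow_origin.is_empty()` (or skipping it for non-cross-origin requests) would be cleaner. The `req_allow_methods` line is also missing the spaces rustfmt would put around `=` and after the comma. The body of `on_response` continues past the end of this hunk.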