From: Diamond Date: Thu, 6 Jul 2023 11:25:19 +0000 (-0700) Subject: Allow cross-origin requests (#3421) X-Git-Url: http://these/git/%7B%60%24%7BwebArchiveUrl%7D/%22%7B%7D/%7BpictshareAvatarThumbnail%28admin.avatar%29%7D?a=commitdiff_plain;h=084f603745e4ca9b41148cf1f1f778d4fee5e98a;p=lemmy.git Allow cross-origin requests (#3421) Co-authored-by: pfg --- diff --git a/src/lib.rs b/src/lib.rs index ce62d0d3..c798db68 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -155,13 +155,17 @@ pub async fn start_lemmy_server() -> Result<(), LemmyError> { // Create Http server with websocket support HttpServer::new(move || { - let cors_config = if cfg!(debug_assertions) { - Cors::permissive() - } else { - let cors_origin = std::env::var("LEMMY_CORS_ORIGIN").unwrap_or("http://localhost".into()); - Cors::default() - .allowed_origin(&cors_origin) - .allowed_origin(&settings.get_protocol_and_hostname()) + let cors_origin = std::env::var("LEMMY_CORS_ORIGIN"); + let cors_config = match (cors_origin, cfg!(debug_assertions)) { + (Ok(origin), false) => Cors::default() + .allowed_origin(&origin) + .allowed_origin(&settings.get_protocol_and_hostname()), + _ => Cors::default() + .allow_any_origin() + .allow_any_method() + .allow_any_header() + .expose_any_header() + .max_age(3600), }; let app = App::new()