From 084f603745e4ca9b41148cf1f1f778d4fee5e98a Mon Sep 17 00:00:00 2001
From: Diamond <diamond@arikawa-hi.me>
Date: Thu, 6 Jul 2023 04:25:19 -0700
Subject: [PATCH] Allow cross-origin requests (#3421)

Co-authored-by: pfg <pfg@pfg.pw>
---
 src/lib.rs | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/src/lib.rs b/src/lib.rs
index ce62d0d3..c798db68 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -155,13 +155,17 @@ pub async fn start_lemmy_server() -> Result<(), LemmyError> {
 
   // Create Http server with websocket support
   HttpServer::new(move || {
-    let cors_config = if cfg!(debug_assertions) {
-      Cors::permissive()
-    } else {
-      let cors_origin = std::env::var("LEMMY_CORS_ORIGIN").unwrap_or("http://localhost".into());
-      Cors::default()
-        .allowed_origin(&cors_origin)
-        .allowed_origin(&settings.get_protocol_and_hostname())
+    let cors_origin = std::env::var("LEMMY_CORS_ORIGIN");
+    let cors_config = match (cors_origin, cfg!(debug_assertions)) {
+      (Ok(origin), false) => Cors::default()
+        .allowed_origin(&origin)
+        .allowed_origin(&settings.get_protocol_and_hostname()),
+      _ => Cors::default()
+        .allow_any_origin()
+        .allow_any_method()
+        .allow_any_header()
+        .expose_any_header()
+        .max_age(3600),
     };
 
     let app = App::new()
-- 
2.44.1