From 8adbf9d7eee229734a96faeaa7b26be125aa2037 Mon Sep 17 00:00:00 2001 From: Ilia Date: Sun, 2 Feb 2025 11:06:08 +0300 Subject: [PATCH] fix(cors): set url with chrome-extension:// as regex origin --- aw-server/src/endpoints/cors.rs | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/aw-server/src/endpoints/cors.rs b/aw-server/src/endpoints/cors.rs index 679be1b2..c4d1c4d8 100644 --- a/aw-server/src/endpoints/cors.rs +++ b/aw-server/src/endpoints/cors.rs @@ -3,11 +3,21 @@ use rocket_cors::{AllowedHeaders, AllowedOrigins}; use crate::config::AWConfig; +const CHROME_EXTENSION_PREFIX: &str = "chrome-extension://"; + pub fn cors(config: &AWConfig) -> rocket_cors::Cors { let root_url = format!("http://127.0.0.1:{}", config.port); let root_url_localhost = format!("http://localhost:{}", config.port); let mut allowed_exact_origins = vec![root_url, root_url_localhost]; - allowed_exact_origins.extend(config.cors.clone()); + // url with chrome-extension:// is parsed by url crate as Opaque, so it + // should be used as regex origin + allowed_exact_origins.extend( + config + .cors + .clone() + .into_iter() + .filter(|c| !c.starts_with(CHROME_EXTENSION_PREFIX)), + ); if config.testing { allowed_exact_origins.push("http://127.0.0.1:27180".to_string()); @@ -22,6 +32,13 @@ pub fn cors(config: &AWConfig) -> rocket_cors::Cors { if config.testing { allowed_regex_origins.push("chrome-extension://.*".to_string()); } + allowed_regex_origins.extend( + config + .cors + .clone() + .into_iter() + .filter(|c| c.starts_with(CHROME_EXTENSION_PREFIX)), + ); let allowed_origins = AllowedOrigins::some(&allowed_exact_origins, &allowed_regex_origins); let allowed_methods = vec![Method::Get, Method::Post, Method::Delete] @@ -39,5 +56,6 @@ pub fn cors(config: &AWConfig) -> rocket_cors::Cors { ..Default::default() } .to_cors() + .inspect_err(|e| log::error!("failed to setup cors: {e}")) .expect("Failed to set up CORS") }