Commit b0bcef3
fix(cors): allow Office add-in origins (addin.postguard.eu + localhost:3000) and DELETE method (#179)
* fix(cors): allow Office add-in origins + DELETE method
Browser callers from the Office add-in were blocked by CORS when reaching
/fileupload/* and /filedownload/*: the preflight returned no
Access-Control-Allow-Origin because the production allowed_origins regex
only matched the postguard.eu/nl website.
- conf/config.toml: extend allowed_origins to also match
https://addin.postguard.eu (Outlook prod) and https://localhost:3000
(Office add-in dev), keeping the existing postguard.(eu|nl) origins.
- build_rocket CORS: add DELETE to allowed_methods so the preflight
advertises GET, POST, PUT, DELETE. Content-Type and Authorization are
already in the allowed-headers list.
- Add integration tests over the real build_rocket CORS fairing asserting
the preflight succeeds (echoes Allow-Origin, advertises all four methods
and the required headers) for both add-in origins, and is rejected for an
unlisted origin.
Refs encryption4all/postguard#154
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* docs(test): correct misleading PROD_ALLOWED_ORIGINS comment
The comment claimed a config typo would fail the suite, but the CORS
tests use this hand-maintained copy and never read conf/config.toml.
Reword to state it is a copy that must be kept in sync.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---------
Co-authored-by: dobby-yivi-agent[bot] <275734547+dobby-yivi-agent[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>1 parent 7f6bfb3 commit b0bcef3
2 files changed
Lines changed: 111 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
10 | | - | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
11 | 14 | | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1250 | 1250 | | |
1251 | 1251 | | |
1252 | 1252 | | |
1253 | | - | |
| 1253 | + | |
1254 | 1254 | | |
1255 | 1255 | | |
1256 | 1256 | | |
| |||
2578 | 2578 | | |
2579 | 2579 | | |
2580 | 2580 | | |
| 2581 | + | |
| 2582 | + | |
| 2583 | + | |
| 2584 | + | |
| 2585 | + | |
| 2586 | + | |
| 2587 | + | |
| 2588 | + | |
| 2589 | + | |
| 2590 | + | |
| 2591 | + | |
| 2592 | + | |
| 2593 | + | |
| 2594 | + | |
| 2595 | + | |
| 2596 | + | |
| 2597 | + | |
| 2598 | + | |
| 2599 | + | |
| 2600 | + | |
| 2601 | + | |
| 2602 | + | |
| 2603 | + | |
| 2604 | + | |
| 2605 | + | |
| 2606 | + | |
| 2607 | + | |
| 2608 | + | |
| 2609 | + | |
| 2610 | + | |
| 2611 | + | |
| 2612 | + | |
| 2613 | + | |
| 2614 | + | |
| 2615 | + | |
| 2616 | + | |
| 2617 | + | |
| 2618 | + | |
| 2619 | + | |
| 2620 | + | |
| 2621 | + | |
| 2622 | + | |
| 2623 | + | |
| 2624 | + | |
| 2625 | + | |
| 2626 | + | |
| 2627 | + | |
| 2628 | + | |
| 2629 | + | |
| 2630 | + | |
| 2631 | + | |
| 2632 | + | |
| 2633 | + | |
| 2634 | + | |
| 2635 | + | |
| 2636 | + | |
| 2637 | + | |
| 2638 | + | |
| 2639 | + | |
| 2640 | + | |
| 2641 | + | |
| 2642 | + | |
| 2643 | + | |
| 2644 | + | |
| 2645 | + | |
| 2646 | + | |
| 2647 | + | |
| 2648 | + | |
| 2649 | + | |
| 2650 | + | |
| 2651 | + | |
| 2652 | + | |
| 2653 | + | |
| 2654 | + | |
| 2655 | + | |
| 2656 | + | |
| 2657 | + | |
| 2658 | + | |
| 2659 | + | |
| 2660 | + | |
| 2661 | + | |
| 2662 | + | |
| 2663 | + | |
| 2664 | + | |
| 2665 | + | |
| 2666 | + | |
| 2667 | + | |
| 2668 | + | |
| 2669 | + | |
| 2670 | + | |
| 2671 | + | |
| 2672 | + | |
| 2673 | + | |
| 2674 | + | |
| 2675 | + | |
| 2676 | + | |
| 2677 | + | |
| 2678 | + | |
| 2679 | + | |
| 2680 | + | |
| 2681 | + | |
| 2682 | + | |
| 2683 | + | |
| 2684 | + | |
| 2685 | + | |
| 2686 | + | |
2581 | 2687 | | |
2582 | 2688 | | |
2583 | 2689 | | |
| |||
0 commit comments