Skip to content
This repository has been archived by the owner on Feb 8, 2024. It is now read-only.

Commit

Permalink
cors: allow every origin hostname, in case host header is rewritten
Browse files Browse the repository at this point in the history
  • Loading branch information
@xvello
xvello committed Nov 14, 2023
1 parent 0b1b0a2 commit 3d78f75
Showing 1 changed file with 1 addition and 5 deletions.
6 changes: 1 addition & 5 deletions capture/src/router.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,11 +47,7 @@ pub fn router<

// Very permissive CORS policy, as old SDK versions
// and reverse proxies might send funky headers.
let cors = CorsLayer::new()
.allow_methods([Method::GET, Method::POST, Method::OPTIONS])
.allow_headers(AllowHeaders::mirror_request())
.allow_credentials(true)
.allow_origin(AllowOrigin::mirror_request());
let cors = CorsLayer::very_permissive();

let router = Router::new()
// TODO: use NormalizePathLayer::trim_trailing_slash
Expand Down

0 comments on commit 3d78f75

Please sign in to comment.