author | William Carroll <wpcarro@gmail.com> | 2020-07-31T17·30+0100 |
---|---|---|
committer | William Carroll <wpcarro@gmail.com> | 2020-07-31T17·31+0100 |
commit | 29a00dc571b53b08064915c34e0d951467b6f1e4 (patch) | |
tree | f143048f622af32a69830ea5b93672573614f576 | |
parent | cdaa449670318373fa581263284ed09d75645ac5 (diff) |
Configure non-simple CORS server-side
@dmjio says (probably correctly) that it's best to just serve the client from the server and circumvent CORS issues altogether. One day I will set that up. For now, this works... *sigh*
-rw-r--r-- | shell.nix | 1 | ||||
-rw-r--r-- | src/App.hs | 16 |
2 files changed, 14 insertions, 3 deletions
diff --git a/shell.nix b/shell.nix index 811061186e2e..567b71060b7b 100644 --- a/shell.nix +++ b/shell.nix @@ -12,6 +12,7 @@ in pkgs.mkShell { hpkgs.aeson hpkgs.resource-pool hpkgs.sqlite-simple + hpkgs.wai-cors hpkgs.warp hpkgs.cryptonite hpkgs.uuid diff --git a/src/App.hs b/src/App.hs index e5b8de7e7e7f..abd1bfba96bd 100644 --- a/src/App.hs +++ b/src/App.hs @@ -10,13 +10,14 @@ module App where import Control.Monad.IO.Class (liftIO) import Data.String.Conversions (cs) import Data.Text (Text) -import Network.Wai.Handler.Warp as Warp import Servant import Servant.Server.Internal.ServerError import API import Utils import Web.Cookie +import qualified Network.Wai.Handler.Warp as Warp +import qualified Network.Wai.Middleware.Cors as Cors import qualified System.Random as Random import qualified Email as Email import qualified Crypto.KDF.BCrypt as BC @@ -205,5 +206,14 @@ server config@T.Config{..} = createAccount pure NoContent run :: T.Config -> IO () -run config = - Warp.run 3000 (serve (Proxy @ API) $ server config) +run config@T.Config{..} = + Warp.run 3000 (enforceCors $ serve (Proxy @ API) $ server config) + where + enforceCors = Cors.cors (const $ Just corsPolicy) + corsPolicy :: Cors.CorsResourcePolicy + corsPolicy = + Cors.simpleCorsResourcePolicy + { Cors.corsOrigins = Just ([cs configClient], True) + , Cors.corsMethods = Cors.simpleMethods ++ ["PUT", "PATCH", "DELETE", "OPTIONS"] + , Cors.corsRequestHeaders = Cors.simpleHeaders ++ ["Content-Type", "Authorization"] + } |
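Review bot: In `corsPolicy` (the `src/App.hs` hunk at `@@ -205,5 +206,14 @@`), the `True` in `Cors.corsOrigins = Just ([cs configClient], True)` enables credentialed cross-origin requests, and nothing visible here checks what `configClient` contains. wai-cors matches the request's `Origin` header against that list as an exact string, so a value with a trailing slash, the wrong scheme, or a leftover development origin will either break the client or extend cookie-bearing access to the wrong site. Validating the value where `T.Config` is built (outside this hunk) would surface that at startup instead of at request time. I would also document the flag above the field, e.g. `-- True = send Access-Control-Allow-Credentials; configClient must be an exact scheme://host[:port] origin`. Because `Cors.cors (const $ Just corsPolicy)` ignores the request, this one policy applies to every route the server exposes, which is worth stating in a comment on `enforceCors`.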