authorWilliam Carroll <wpcarro@gmail.com>2020-07-31T17·30+0100
committerWilliam Carroll <wpcarro@gmail.com>2020-07-31T17·31+0100
commit29a00dc571b53b08064915c34e0d951467b6f1e4 (patch)
treef143048f622af32a69830ea5b93672573614f576 /src
parentcdaa449670318373fa581263284ed09d75645ac5 (diff)
Configure non-simple CORS server-side
@dmjio says (probably correctly) that it's best to just serve the client from
the server and circumvent CORS issues altogether.

One day I will set that up. For now, this works... *sigh*
Diffstat (limited to 'src')
-rw-r--r--src/App.hs16
1 files changed, 13 insertions, 3 deletions
diff --git a/src/App.hs b/src/App.hs
index e5b8de7e7e7f..abd1bfba96bd 100644
--- a/src/App.hs
+++ b/src/App.hs
@@ -10,13 +10,14 @@ module App where
 import Control.Monad.IO.Class (liftIO)
 import Data.String.Conversions (cs)
 import Data.Text (Text)
-import Network.Wai.Handler.Warp as Warp
 import Servant
 import Servant.Server.Internal.ServerError
 import API
 import Utils
 import Web.Cookie
 
+import qualified Network.Wai.Handler.Warp as Warp
+import qualified Network.Wai.Middleware.Cors as Cors
 import qualified System.Random as Random
 import qualified Email as Email
 import qualified Crypto.KDF.BCrypt as BC
@@ -205,5 +206,14 @@ server config@T.Config{..} = createAccount
         pure NoContent
 
 run :: T.Config -> IO ()
-run config =
-  Warp.run 3000 (serve (Proxy @ API) $ server config)
+run config@T.Config{..} =
+  Warp.run 3000 (enforceCors $ serve (Proxy @ API) $ server config)
+  where
+    enforceCors = Cors.cors (const $ Just corsPolicy)
+    corsPolicy :: Cors.CorsResourcePolicy
+    corsPolicy =
+      Cors.simpleCorsResourcePolicy
+        { Cors.corsOrigins = Just ([cs configClient], True)
+        , Cors.corsMethods = Cors.simpleMethods ++ ["PUT", "PATCH", "DELETE", "OPTIONS"]
+        , Cors.corsRequestHeaders = Cors.simpleHeaders ++ ["Content-Type", "Authorization"]
+        }
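Review bot: In `corsPolicy`, `Cors.corsOrigins = Just ([cs configClient], True)` enables credentialed cross-origin requests, so `configClient` becomes a security boundary, yet nothing in this hunk checks its value. The middleware matches the `Origin` header against that string exactly, so it must be a bare origin (scheme, host, optional port, no trailing slash or path). A malformed value would fail to match the real client, and a wrong one would let another site's scripts call the API with the user's credentials. I would validate it where the config is loaded, which is outside this hunk, and add a comment above the field such as `-- configClient must be one exact origin (e.g. https://app.example.com); credentialed requests are allowed for it`. The allow-lists also look wider than needed: `"Content-Type"` is already in `Cors.simpleHeaders`, and `"OPTIONS"` only needs listing if the API itself serves OPTIONS routes, which is not visible here.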