-rw-r--r--shell.nix1
-rw-r--r--src/App.hs16
2 files changed, 14 insertions, 3 deletions
diff --git a/shell.nix b/shell.nix
index 811061186e2e..567b71060b7b 100644
--- a/shell.nix
+++ b/shell.nix
@@ -12,6 +12,7 @@ in pkgs.mkShell {
       hpkgs.aeson
       hpkgs.resource-pool
       hpkgs.sqlite-simple
+      hpkgs.wai-cors
       hpkgs.warp
       hpkgs.cryptonite
       hpkgs.uuid
diff --git a/src/App.hs b/src/App.hs
index e5b8de7e7e7f..abd1bfba96bd 100644
--- a/src/App.hs
+++ b/src/App.hs
@@ -10,13 +10,14 @@ module App where
 import Control.Monad.IO.Class (liftIO)
 import Data.String.Conversions (cs)
 import Data.Text (Text)
-import Network.Wai.Handler.Warp as Warp
 import Servant
 import Servant.Server.Internal.ServerError
 import API
 import Utils
 import Web.Cookie
 
+import qualified Network.Wai.Handler.Warp as Warp
+import qualified Network.Wai.Middleware.Cors as Cors
 import qualified System.Random as Random
 import qualified Email as Email
 import qualified Crypto.KDF.BCrypt as BC
@@ -205,5 +206,14 @@ server config@T.Config{..} = createAccount
         pure NoContent
 
 run :: T.Config -> IO ()
-run config =
-  Warp.run 3000 (serve (Proxy @ API) $ server config)
+run config@T.Config{..} =
+  Warp.run 3000 (enforceCors $ serve (Proxy @ API) $ server config)
+  where
+    enforceCors = Cors.cors (const $ Just corsPolicy)
+    corsPolicy :: Cors.CorsResourcePolicy
+    corsPolicy =
+      Cors.simpleCorsResourcePolicy
+        { Cors.corsOrigins = Just ([cs configClient], True)
+        , Cors.corsMethods = Cors.simpleMethods ++ ["PUT", "PATCH", "DELETE", "OPTIONS"]
+        , Cors.corsRequestHeaders = Cors.simpleHeaders ++ ["Content-Type", "Authorization"]
+        }
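Review bot: `Cors.corsOrigins = Just ([cs configClient], True)` in `run` enables credentialed CORS, so `configClient` alone decides which site may send cookie-bearing cross-origin requests to this API, and nothing in the hunk checks or documents what form that value must take. As far as I know wai-cors compares the request's Origin header against this list as an exact string, so a configured value with a trailing slash, a path, or a different scheme or port would reject the real client with no hint at startup. I would add a comment above `corsPolicy` such as `-- configClient must be the client's exact origin (scheme://host[:port], no trailing slash); credentialed requests are accepted from it only`, and validate the value wherever T.Config is built, which is not visible here. Separately, `"Content-Type"` appears to be in `Cors.simpleHeaders` already, and `"OPTIONS"` should not be needed in `corsMethods` because a preflight names the actual method, so both entries can probably be dropped to keep the allow-lists minimal.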