Skip to content

Commit

Permalink
workers: Enable CORS on error responses
Browse files Browse the repository at this point in the history
  • Loading branch information
@sehyunc
sehyunc committed Nov 2, 2023
1 parent 2f7ae33 commit 396dabd
Showing 1 changed file with 33 additions and 13 deletions.
46 changes: 33 additions & 13 deletions workers/api-server/src/router.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -128,19 +128,39 @@ impl<

// Forward to the typed handler
let res = self.handle_typed(headers, req_body, url_params).await;
if let Ok(resp) = res {
// Serialize the response into a body. We explicitly allow for all cross-origin
// requests, as users connecting to a locally-run node have a different origin port.

// TODO: Either remove this in the future, or ensure that no sensitive information can
// leak from cross-origin requests.
Response::builder()
.header("Access-Control-Allow-Origin", "*")
.body(Body::from(serde_json::to_vec(&resp).unwrap()))
.unwrap()
} else {
res.err().unwrap().into()
}

let response = match res {
Ok(resp) => {
// Serialize the response into a body. We explicitly allow for all cross-origin
// requests, as users connecting to a locally-run node have a different origin
// port.

// TODO: Either remove this in the future, or ensure that no sensitive
// information can leak from cross-origin requests.
Response::builder()
.header("Access-Control-Allow-Origin", "*")
.body(Body::from(serde_json::to_vec(&resp).unwrap()))
.unwrap()
}
Err(ApiServerError::HttpStatusCode(status, msg)) => {
// Create a response with the status code from ApiServerError
Response::builder()
.status(status)
.header("Access-Control-Allow-Origin", "*")
.body(Body::from(msg))
.unwrap()
}
Err(_) => {
// Handle other error cases if needed
Response::builder()
.status(StatusCode::INTERNAL_SERVER_ERROR)
.header("Access-Control-Allow-Origin", "*")
.body(Body::empty())
.unwrap()
}
};

response

Check failure on line 163 in workers/api-server/src/router.rs

View workflow job for this annotation

GitHub Actions / clippy

returning the result of a `let` binding from a block 

error: returning the result of a `let` binding from a block
   --> workers/api-server/src/router.rs:163:9
    |
132 | /         let response = match res {
133 | |             Ok(resp) => {
134 | |                 // Serialize the response into a body. We explicitly allow for all cross-origin
135 | |                 // requests, as users connecting to a locally-run node have a different origin
...   |
160 | |             }
161 | |         };
    | |__________- unnecessary `let` binding
162 |
163 |           response
    |           ^^^^^^^^
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#let_and_return
    = note: `-D clippy::let-and-return` implied by `-D warnings`
help: return the expression directly
    |
132 ~         
133 | 
134 ~         match res {
135 +             Ok(resp) => {
136 +                 // Serialize the response into a body. We explicitly allow for all cross-origin
137 +                 // requests, as users connecting to a locally-run node have a different origin
138 +                 // port.
139 + 
140 +                 // TODO: Either remove this in the future, or ensure that no sensitive
141 +                 // information can leak from cross-origin requests.
142 +                 Response::builder()
143 +                     .header("Access-Control-Allow-Origin", "*")
144 +                     .body(Body::from(serde_json::to_vec(&resp).unwrap()))
145 +                     .unwrap()
146 +             }
147 +             Err(ApiServerError::HttpStatusCode(status, msg)) => {
148 +                 // Create a response with the status code from ApiServerError
149 +                 Response::builder()
150 +                     .status(status)
151 +                     .header("Access-Control-Allow-Origin", "*")
152 +                     .body(Body::from(msg))
153 +                     .unwrap()
154 +             }
155 +             Err(_) => {
156 +                 // Handle other error cases if needed
157 +                 Response::builder()
158 +                     .status(StatusCode::INTERNAL_SERVER_ERROR)
159 +                     .header("Access-Control-Allow-Origin", "*")
160 +                     .body(Body::empty())
161 +                     .unwrap()
162 +             }
163 +         }
    |
}
}

Expand Down

0 comments on commit 396dabd

Please sign in to comment.