Skip to content

Commit

Permalink
workers: Enable CORS on error responses
Browse files Browse the repository at this point in the history
  • Loading branch information
@sehyunc
sehyunc committed Nov 2, 2023
1 parent 2f7ae33 commit eb9baa0
Showing 1 changed file with 30 additions and 12 deletions.
42 changes: 30 additions & 12 deletions workers/api-server/src/router.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -128,18 +128,36 @@ impl<

// Forward to the typed handler
let res = self.handle_typed(headers, req_body, url_params).await;
if let Ok(resp) = res {
// Serialize the response into a body. We explicitly allow for all cross-origin
// requests, as users connecting to a locally-run node have a different origin port.

// TODO: Either remove this in the future, or ensure that no sensitive information can
// leak from cross-origin requests.
Response::builder()
.header("Access-Control-Allow-Origin", "*")
.body(Body::from(serde_json::to_vec(&resp).unwrap()))
.unwrap()
} else {
res.err().unwrap().into()

match res {
Ok(resp) => {
// Serialize the response into a body. We explicitly allow for all cross-origin
// requests, as users connecting to a locally-run node have a different origin
// port.

// TODO: Either remove this in the future, or ensure that no sensitive
// information can leak from cross-origin requests.
Response::builder()
.header("Access-Control-Allow-Origin", "*")
.body(Body::from(serde_json::to_vec(&resp).unwrap()))
.unwrap()
}
Err(ApiServerError::HttpStatusCode(status, msg)) => {
// Create a response with the status code from ApiServerError
Response::builder()
.status(status)
.header("Access-Control-Allow-Origin", "*")
.body(Body::from(msg))
.unwrap()
}
Err(_) => {
// Handle other error cases if needed
Response::builder()
.status(StatusCode::INTERNAL_SERVER_ERROR)
.header("Access-Control-Allow-Origin", "*")
.body(Body::empty())
.unwrap()
}
}
}
}
Expand Down

0 comments on commit eb9baa0

Please sign in to comment.