phundrak/bakit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(settings): proper CORS in production

Browse Source 
If the backend starts in production mode with no `frontend_url` is set,
immediately panic and stop.
This commit is contained in:
Lucien Cartier-Tilet
2026-06-01 23:34:34 +02:00
parent afd399b84f
commit b38e6110d2
1 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/startup.rs
+13 -2
View File
@@ -80,11 +80,22 @@ impl From<Application> for RunnableApplication {
// Use very high limits to effectively disable rate limiting // Use very high limits to effectively disable rate limiting
RateLimitConfig::new(u32::MAX, 1) RateLimitConfig::new(u32::MAX, 1)
}; };
let frontend_url = value.settings.frontend_url.clone();
let cors = if value.settings.debug {
Cors::new()
} else {
if !cfg!(test) {
assert!(
!frontend_url.is_empty(),
"CORS: frontend_url must be configured in production"
);
}
Cors::new().allow_origin(frontend_url)
};
let app = value let app = value
.app .app
.with(RateLimit::new(&rate_limit_config)) .with(RateLimit::new(&rate_limit_config))
.with(Cors::new()) .with(cors)
.data(value.settings); .data(value.settings);
let server = value.server; let server = value.server;