phundrak/sta
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(cors): implement CORS configuration with From trait

Browse Source 
Implement From<CorsSettings> for Cors trait to configure CORS middleware
with production-ready security validation.

- Move CorsSettings to backend/src/settings/cors.rs module
- Validate wildcard + credentials constraint (browser security policy)
- Configure allowed methods, headers, credentials, and max_age
- Add structured logging for CORS configuration
- Move tests from settings/mod.rs and startup.rs to cors module

Ref: T014
This commit is contained in:
Lucien Cartier-Tilet
2026-01-03 17:42:24 +01:00
parent e577fb5095
commit 5d6c3208cc
5 changed files with 222 additions and 242 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
specs/001-modbus-relay-control/tasks.md
View File

@@ -114,7 +114,7 @@
- **File**: backend/src/startup.rs (in tests module)
- **Complexity**: Medium | **Uncertainty**: Low
- [ ] **T014** [Setup] [TDD] Implement build_cors() free function in startup.rs
- [x] **T014** [Setup] [TDD] Implement build_cors() free function in startup.rs
- Function signature: `fn build_cors(settings: &CorsSettings) -> Cors`
- Validate: if `allow_credentials=true` AND `allowed_origins` contains "*", panic with clear error message
- Iterate over `allowed_origins` and call `cors.allow_origin()` for each