diff --git a/Cargo.lock b/Cargo.lock index 0d39e537..d518f131 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -19,6 +19,21 @@ dependencies = [ "tokio-util", ] +[[package]] +name = "actix-cors" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b340e9cfa5b08690aae90fb61beb44e9b06f44fe3d0f93781aaa58cfba86245e" +dependencies = [ + "actix-utils", + "actix-web", + "derive_more", + "futures-util", + "log", + "once_cell", + "smallvec", +] + [[package]] name = "actix-http" version = "3.3.0" @@ -2076,6 +2091,7 @@ checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" name = "unleash-edge" version = "0.0.0" dependencies = [ + "actix-cors", "actix-tls", "actix-web", "actix-web-opentelemetry", diff --git a/server/Cargo.toml b/server/Cargo.toml index 65fa35ad..d6eb850e 100644 --- a/server/Cargo.toml +++ b/server/Cargo.toml @@ -9,6 +9,7 @@ repository = "https://github.com/Unleash/unleash-edge" homepage = "https://github.com/Unleash/unleash-edge" [dependencies] +actix-cors = "0.6.4" actix-tls = { version = "3.0.3", features = ["rustls"] } actix-web = { version = "4.3.0", features = ["rustls"] } actix-web-opentelemetry = { version = "0.13.0", features = ["metrics", "metrics-prometheus"] } diff --git a/server/src/main.rs b/server/src/main.rs index 4defef5c..90c5cc62 100644 --- a/server/src/main.rs +++ b/server/src/main.rs @@ -2,7 +2,8 @@ use std::sync::Arc; use crate::cli::EdgeMode; use crate::offline_provider::OfflineProvider; -use actix_web::{middleware, web, App, HttpServer}; +use actix_cors::Cors; +use actix_web::{http, middleware, web, App, HttpServer}; use actix_web_opentelemetry::RequestTracing; use clap::Parser; use cli::CliArgs; @@ -34,8 +35,15 @@ async fn main() -> Result<(), anyhow::Error> { let server = HttpServer::new(move || { let client_provider_arc: Arc = Arc::new(client_provider.clone()); let client_provider_data = web::Data::from(client_provider_arc); + + let cors_middleware = Cors::default() + .allowed_origin("*") + .allowed_methods(vec!["GET", "POST"]) + .allowed_headers(vec![http::header::AUTHORIZATION, http::header::ACCEPT]) + .allowed_header(http::header::CONTENT_TYPE); App::new() .app_data(client_provider_data) + .wrap(cors_middleware) .wrap(RequestTracing::new()) .wrap(request_metrics.clone()) .wrap(middleware::Logger::default())