Fix Cors default_allow_origins() and add allow_credentials

loco-rs · Nov 5, 2024 · 149f225 · 149f225
1 parent 91f23ae
commit 149f225
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src/controller/middleware/cors.rs b/src/controller/middleware/cors.rs
@@ -28,6 +28,9 @@ pub struct Cors {
     /// Allow methods
     #[serde(default = "default_allow_methods")]
     pub allow_methods: Vec<String>,
+    /// Allow credentials
+    #[serde(default)]
+    pub allow_credentials: bool,
     /// Max age
     pub max_age: Option<u64>,
     // Vary headers
@@ -42,7 +45,7 @@ impl Default for Cors {
 }
 
 fn default_allow_origins() -> Vec<String> {
-    vec!["any".to_string()]
+    vec!["*".to_string()]
 }
 
 fn default_allow_headers() -> Vec<String> {
@@ -69,6 +72,7 @@ impl Cors {
             allow_headers: vec![],
             allow_methods: vec![],
             allow_origins: vec![],
+            allow_credentials: false,
             max_age: None,
             vary: vec![],
         }
@@ -132,6 +136,8 @@ impl Cors {
             cors = cors.max_age(Duration::from_secs(max_age));
         }
 
+        cors = cors.allow_credentials(self.allow_credentials);
+
         Ok(cors)
     }
 }