MCPcopy Index your code
hub / github.com/NativeScript/SimDeck / append_cors_headers

Function append_cors_headers

packages/server/src/auth.rs:122–171  ·  view source on GitHub ↗
(
    config: &Config,
    request_headers: &HeaderMap,
    response_headers: &mut HeaderMap,
)

Source from the content-addressed store, hash-verified

120}
121
122pub fn append_cors_headers(
123 config: &Config,
124 request_headers: &HeaderMap,
125 response_headers: &mut HeaderMap,
126) {
127 let Some(origin) = request_headers
128 .get(header::ORIGIN)
129 .and_then(|value| value.to_str().ok())
130 else {
131 return;
132 };
133
134 if !origin_is_cors_allowed(config, origin) {
135 return;
136 }
137
138 if let Ok(value) = HeaderValue::from_str(origin) {
139 response_headers.insert(header::ACCESS_CONTROL_ALLOW_ORIGIN, value);
140 }
141 response_headers.insert(
142 header::ACCESS_CONTROL_ALLOW_METHODS,
143 HeaderValue::from_static("GET, POST, OPTIONS"),
144 );
145 response_headers.insert(
146 header::ACCESS_CONTROL_ALLOW_HEADERS,
147 HeaderValue::from_static(
148 "content-type, authorization, x-simdeck-token, x-simdeck-filename",
149 ),
150 );
151 response_headers.insert(
152 header::ACCESS_CONTROL_ALLOW_CREDENTIALS,
153 HeaderValue::from_static("true"),
154 );
155 response_headers.insert(header::VARY, HeaderValue::from_static("Origin"));
156
157 // Chrome's Private Network Access (CORS-RFC1918): a public-internet origin
158 // (e.g. https://app.simdeck.sh) calling a loopback/private target must see
159 // this header on the preflight when the request advertises support.
160 if request_headers
161 .get("access-control-request-private-network")
162 .and_then(|value| value.to_str().ok())
163 .map(|value| value.eq_ignore_ascii_case("true"))
164 .unwrap_or(false)
165 {
166 response_headers.insert(
167 HeaderName::from_static("access-control-allow-private-network"),
168 HeaderValue::from_static("true"),
169 );
170 }
171}
172
173pub fn append_access_cookie(response_headers: &mut HeaderMap, token: &str) {
174 if let Ok(value) = HeaderValue::from_str(&access_cookie_value(token)) {

Callers 5

preflight_responseFunction · 0.85
unauthorized_responseFunction · 0.85
require_api_authFunction · 0.85
pair_browserFunction · 0.85

Calls 3

origin_is_cors_allowedFunction · 0.85
insertMethod · 0.80
getMethod · 0.65