Allow CORS for www. origins (#12)

* allowed www. origins * allow cors based on origin
zitefy · Aug 5, 2024 · b2a3467 · b2a3467
1 parent 3341e8d
commit b2a3467
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 4 deletions.
diff --git a/src/handlers/mod.rs b/src/handlers/mod.rs
@@ -41,10 +41,29 @@ pub async fn proxy_anthropic(
         Ok(response) => {
             let status = response.status();
             let body = response.bytes().await.unwrap_or_default();
-            HttpResponse::build(status)
-                .header("Access-Control-Allow-Origin", "https://zitefy.com")
-                .header("Access-Control-Allow-Methods", "POST, OPTIONS")
-                .header("Access-Control-Allow-Headers", "Content-Type, Authorization")
+
+            // Get the Origin header from the incoming request
+            let origin = req.headers().get("Origin").and_then(|h| h.to_str().ok());
+
+            // Check if the origin is allowed
+            let allowed_origin = match origin {
+                Some("https://zitefy.com") => Some("https://zitefy.com"),
+                Some("https://www.zitefy.com") => Some("https://www.zitefy.com"),
+                Some("http://localhost:3000") => Some("https://localhost:3000"),
+                Some("http://localhost:5000") => Some("https://localhost:5000"),
+                _ => None,
+            };
+
+            let mut builder = HttpResponse::build(status);
+
+            // Set the Access-Control-Allow-Origin header if the origin is allowed
+            if let Some(allowed) = allowed_origin {
+                builder.append_header(("Access-Control-Allow-Origin", allowed));
+            }
+
+            builder
+                .append_header(("Access-Control-Allow-Methods", "POST, OPTIONS"))
+                .append_header(("Access-Control-Allow-Headers", "Content-Type, Authorization"))
                 .body(body)
         },
         Err(e) => HttpResponse::InternalServerError().body(format!("Error: {}", e)),

diff --git a/src/main.rs b/src/main.rs
@@ -131,7 +131,9 @@ async fn main() -> std::io::Result<()> {
             .allowed_origin("http://localhost:3000")
             .allowed_origin("http://localhost:5000")
             .allowed_origin("https://zitefy.com")
+            .allowed_origin("https://www.zitefy.com")
             .allowed_origin("https://api.zitefy.com")
+            .allowed_origin("https://www.api.zitefy.com")
             .allowed_methods(vec!["GET", "POST", "PUT", "DELETE"])
             .allowed_headers(vec![header::AUTHORIZATION, header::ACCEPT])
             .allowed_header(header::CONTENT_TYPE)
@@ -156,7 +158,9 @@ async fn main() -> std::io::Result<()> {
             .allowed_origin("http://localhost:3000")
             .allowed_origin("http://localhost:5000")
             .allowed_origin("https://zitefy.com")
+            .allowed_origin("https://www.zitefy.com")
             .allowed_origin("https://api.zitefy.com")
+            .allowed_origin("https://www.api.zitefy.com")
             .allowed_methods(vec!["GET", "POST", "PUT", "DELETE"])
             .allowed_headers(vec![header::AUTHORIZATION, header::ACCEPT])
             .allowed_header(header::CONTENT_TYPE)