neon_arch commited on
Commit
bef8956
โ€ข
1 Parent(s): 5b4e7c7

๐Ÿ› ๏ธ fix: add code to prevent csrf attacks using cors (#172)

Files changed (3) hide show
  1. Cargo.lock +16 -0
  2. Cargo.toml +1 -0
  3. src/lib.rs +13 -1
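--- a/Cargo.lock
+++ b/Cargo.lock
@@ -19,6 +19,21 @@ dependencies = [
  "tracing",
  ]
 
+ [[package]]
+ name = "actix-cors"
+ version = "0.6.4"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+ checksum = "b340e9cfa5b08690aae90fb61beb44e9b06f44fe3d0f93781aaa58cfba86245e"
+ dependencies = [
+ "actix-utils",
+ "actix-web",
+ "derive_more",
+ "futures-util",
+ "log",
+ "once_cell",
+ "smallvec 1.11.0",
+ ]
+
  [[package]]
  name = "actix-files"
  version = "0.6.2"
@@ -3520,6 +3535,7 @@ dependencies = [
  name = "websurfx"
  version = "0.15.3"
  dependencies = [
+ "actix-cors",
  "actix-files",
  "actix-web",
  "async-trait",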
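--- a/Cargo.toml
+++ b/Cargo.toml
@@ -14,6 +14,7 @@ handlebars = { version = "4.3.6", features = ["dir_source"] }
  scraper = {version="*"}
  actix-web = {version="4.3.1", features = ["cookies"]}
  actix-files = {version="0.6.2"}
+ actix-cors = {version="0.6.4"}
  serde_json = {version="*"}
  fake-useragent = {version="*"}
  env_logger = {version="0.10.0"}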
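--- a/src/lib.rs
+++ b/src/lib.rs
@@ -12,8 +12,9 @@ use std::net::TcpListener;
 
  use crate::server::routes;
 
+ use actix_cors::Cors;
  use actix_files as fs;
- use actix_web::{dev::Server, middleware::Logger, web, App, HttpServer};
+ use actix_web::{dev::Server, http::header, middleware::Logger, web, App, HttpServer};
  use config::parser::Config;
  use handlebars::Handlebars;
  use handler::public_paths::public_path;
@@ -50,9 +51,20 @@ pub fn run(listener: TcpListener, config: Config) -> std::io::Result<Server> {
  let handlebars_ref: web::Data<Handlebars> = web::Data::new(handlebars);
 
  let server = HttpServer::new(move || {
+ let cors: Cors = Cors::default()
+ .allow_any_origin()
+ .allowed_methods(vec!["GET"])
+ .allowed_headers(vec![
+ header::ORIGIN,
+ header::CONTENT_TYPE,
+ header::REFERER,
+ header::COOKIE,
+ ]);
+
  App::new()
  .app_data(handlebars_ref.clone())
  .app_data(web::Data::new(config.clone()))
+ .wrap(cors)
  .wrap(Logger::default()) // added logging middleware for logging.
  // Serve images and static files (css and js files).
  .service(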
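Review bot: `.allow_any_origin()` in the new `cors` builder lets every site read this server's GET responses cross-origin, which loosens the same-origin policy rather than adding CSRF protection. CORS decides whether a page may read a response; it does not by itself stop a browser from sending a cross-site request, so any state-changing route still needs SameSite cookies or a token check (whether such routes exist is not visible in this hunk). I would pin the origin instead, e.g. `.allowed_origin("<configured-site-origin>")` built from `config`, and drop `header::COOKIE` from `allowed_headers`, since browsers do not let scripts set `Cookie` and credentialed requests are governed by `supports_credentials()`, which is not called here. A one-line comment above the builder stating the intended policy would also help; the `HttpServer::new` closure and `run` continue past the end of the hunk.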