CORS headers v0.2.2

3 files changed, 12 insertions, 5 deletions

diff --git a/Cargo.lock b/Cargo.lock
index 6f683c5..0480382 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -488,7 +488,7 @@ dependencies = [
 
 [[package]]
 name = "dissociate"
-version = "0.2.1"
+version = "0.2.2"
 dependencies = [
  "argon2",
  "axum",
diff --git a/Cargo.toml b/Cargo.toml
index af22a6f..0b6f860 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "dissociate"
-version = "0.2.1"
+version = "0.2.2"
 edition = "2021"
 
 [dependencies]
diff --git a/src/server/falx.rs b/src/server/falx.rs
index 03a8a0b..1efffdc 100644
--- a/src/server/falx.rs
+++ b/src/server/falx.rs
@@ -1,4 +1,5 @@
 use axum::{
+    body::Body,
     extract::{Path, State},
     http::{HeaderMap, StatusCode, Uri},
     response::{IntoResponse, Response},
@@ -40,10 +41,10 @@ async fn handoff(
     State(Handoffs(handoffs)): State<Handoffs>,
     headers: HeaderMap,
 ) -> Response {
-    let Some(origin) = headers.get("Origin") else {
+    let Some(origin_header) = headers.get("Origin") else {
         return (StatusCode::BAD_REQUEST, "Missing Origin header").into_response();
     };
-    let Some(origin) = origin
+    let Some(origin) = origin_header
         .to_str()
         .ok()
         .and_then(|origin| origin.parse::<Uri>().ok())
@@ -57,5 +58,11 @@ async fn handoff(
     let Some(token) = jar.get("dissociate-token") else {
         return (StatusCode::UNAUTHORIZED, "Authenticate cookie missing").into_response();
     };
-    return (StatusCode::OK, token.value().to_string()).into_response();
+    return Response::builder()
+        .status(StatusCode::OK)
+        .header("Access-Control-Allow-Credentials", "true")
+        .header("Access-Control-Allow-Methods", "GET")
+        .header("Access-Control-Allow-Origin", origin_header)
+        .body(Body::from(token.value().to_string()))
+        .unwrap();
 }