Diffstat (limited to 'src/server/falx.rs')
-rw-r--r--src/server/falx.rs13
1 files changed, 10 insertions, 3 deletions
diff --git a/src/server/falx.rs b/src/server/falx.rs
index 03a8a0b..1efffdc 100644
--- a/src/server/falx.rs
+++ b/src/server/falx.rs
@@ -1,4 +1,5 @@
 use axum::{
+    body::Body,
     extract::{Path, State},
     http::{HeaderMap, StatusCode, Uri},
     response::{IntoResponse, Response},
@@ -40,10 +41,10 @@ async fn handoff(
     State(Handoffs(handoffs)): State<Handoffs>,
     headers: HeaderMap,
 ) -> Response {
-    let Some(origin) = headers.get("Origin") else {
+    let Some(origin_header) = headers.get("Origin") else {
         return (StatusCode::BAD_REQUEST, "Missing Origin header").into_response();
     };
-    let Some(origin) = origin
+    let Some(origin) = origin_header
         .to_str()
         .ok()
         .and_then(|origin| origin.parse::<Uri>().ok())
@@ -57,5 +58,11 @@ async fn handoff(
     let Some(token) = jar.get("dissociate-token") else {
         return (StatusCode::UNAUTHORIZED, "Authenticate cookie missing").into_response();
     };
-    return (StatusCode::OK, token.value().to_string()).into_response();
+    return Response::builder()
+        .status(StatusCode::OK)
+        .header("Access-Control-Allow-Credentials", "true")
+        .header("Access-Control-Allow-Methods", "GET")
+        .header("Access-Control-Allow-Origin", origin_header)
+        .body(Body::from(token.value().to_string()))
+        .unwrap();
 }
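Review bot: The new return in `handoff` echoes the raw `Origin` header into `Access-Control-Allow-Origin` alongside `Access-Control-Allow-Credentials: true`, while the body carries the `dissociate-token` cookie value, so every origin that reaches this line can read the token cross-site. The lines between the `Uri` parse and this hunk are not visible; presumably the parsed origin is matched against `handoffs` there, but if it is not, an exact-match allow-list check is needed before this return. Because the allowed origin now differs per request, add `.header("Vary", "Origin")`, and add `.header("Cache-Control", "no-store")` so a token-bearing response is never stored or replayed by a cache. The function body starts outside this hunk.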