diff options
Diffstat (limited to 'src/server')
-rw-r--r-- | src/server/falx.rs | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/src/server/falx.rs b/src/server/falx.rs index 03a8a0b..1efffdc 100644 --- a/src/server/falx.rs +++ b/src/server/falx.rs @@ -1,4 +1,5 @@ use axum::{ + body::Body, extract::{Path, State}, http::{HeaderMap, StatusCode, Uri}, response::{IntoResponse, Response}, @@ -40,10 +41,10 @@ async fn handoff( State(Handoffs(handoffs)): State<Handoffs>, headers: HeaderMap, ) -> Response { - let Some(origin) = headers.get("Origin") else { + let Some(origin_header) = headers.get("Origin") else { return (StatusCode::BAD_REQUEST, "Missing Origin header").into_response(); }; - let Some(origin) = origin + let Some(origin) = origin_header .to_str() .ok() .and_then(|origin| origin.parse::<Uri>().ok()) @@ -57,5 +58,11 @@ async fn handoff( let Some(token) = jar.get("dissociate-token") else { return (StatusCode::UNAUTHORIZED, "Authenticate cookie missing").into_response(); }; - return (StatusCode::OK, token.value().to_string()).into_response(); + return Response::builder() + .status(StatusCode::OK) + .header("Access-Control-Allow-Credentials", "true") + .header("Access-Control-Allow-Methods", "GET") + .header("Access-Control-Allow-Origin", origin_header) + .body(Body::from(token.value().to_string())) + .unwrap(); } |