From 60c636738be96484aabd7e9abc2ee0310211be3f Mon Sep 17 00:00:00 2001 From: mpostma Date: Tue, 12 Jan 2021 16:46:53 +0100 Subject: [PATCH 1/2] fix cors error --- meilisearch-http/src/main.rs | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/meilisearch-http/src/main.rs b/meilisearch-http/src/main.rs index 800e2760c..08b00e018 100644 --- a/meilisearch-http/src/main.rs +++ b/meilisearch-http/src/main.rs @@ -82,13 +82,15 @@ async fn main() -> Result<(), MainError> { let enable_frontend = opt.env != "production"; let http_server = HttpServer::new(move || { - create_app(&data, enable_frontend) - .wrap( - Cors::default() + let cors = Cors::default() .send_wildcard() .allowed_headers(vec!["content-type", "x-meili-api-key"]) - .max_age(86_400) // 24h - ) + .allow_any_origin() + .allow_any_method() + .max_age(86_400); // 24h + + create_app(&data, enable_frontend) + .wrap(cors) .wrap(middleware::Logger::default()) .wrap(middleware::Compress::default()) .wrap(NormalizePath) From e5c220b82c818c1dc77e20fcecf78019090bba34 Mon Sep 17 00:00:00 2001 From: mpostma Date: Tue, 12 Jan 2021 18:08:16 +0100 Subject: [PATCH 2/2] fix authentication cors bug --- .../src/helpers/authentication.rs | 28 +++++++++++-------- 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/meilisearch-http/src/helpers/authentication.rs b/meilisearch-http/src/helpers/authentication.rs index 974c622f0..1c67df70a 100644 --- a/meilisearch-http/src/helpers/authentication.rs +++ b/meilisearch-http/src/helpers/authentication.rs @@ -6,6 +6,8 @@ use std::task::{Context, Poll}; use actix_service::{Service, Transform}; use actix_web::{dev::ServiceRequest, dev::ServiceResponse, web}; use futures::future::{err, ok, Future, Ready}; +use actix_web::error::ResponseError as _; +use actix_web::dev::Body; use crate::error::{Error, ResponseError}; use crate::Data; @@ -17,14 +19,13 @@ pub enum Authentication { Admin, } -impl Transform for Authentication +impl Transform for Authentication where - S: Service, Error = actix_web::Error>, + S: Service, Error = actix_web::Error>, S::Future: 'static, - B: 'static, { type Request = ServiceRequest; - type Response = ServiceResponse; + type Response = ServiceResponse; type Error = actix_web::Error; type InitError = (); type Transform = LoggingMiddleware; @@ -44,14 +45,13 @@ pub struct LoggingMiddleware { } #[allow(clippy::type_complexity)] -impl Service for LoggingMiddleware +impl Service for LoggingMiddleware where - S: Service, Error = actix_web::Error> + 'static, + S: Service, Error = actix_web::Error> + 'static, S::Future: 'static, - B: 'static, { type Request = ServiceRequest; - type Response = ServiceResponse; + type Response = ServiceResponse; type Error = actix_web::Error; type Future = Pin>>>; @@ -72,7 +72,11 @@ where let auth_header = match req.headers().get("X-Meili-API-Key") { Some(auth) => match auth.to_str() { Ok(auth) => auth, - Err(_) => return Box::pin(err(ResponseError::from(Error::MissingAuthorizationHeader).into())), + Err(_) => { + let error = ResponseError::from(Error::MissingAuthorizationHeader).error_response(); + let (request, _) = req.into_parts(); + return Box::pin(ok(ServiceResponse::new(request, error))) + } }, None => { return Box::pin(err(ResponseError::from(Error::MissingAuthorizationHeader).into())); @@ -95,9 +99,9 @@ where if authenticated { Box::pin(svc.call(req)) } else { - Box::pin(err( - ResponseError::from(Error::InvalidToken(auth_header.to_string())).into() - )) + let error = ResponseError::from(Error::InvalidToken(auth_header.to_string())).error_response(); + let (request, _) = req.into_parts(); + return Box::pin(ok(ServiceResponse::new(request, error))) } } }