From 5cdb9a417da39893e005f66dc96ae7446e1bbb55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20H=C3=B6lting?=
 <87192362+moritz-hoelting@users.noreply.github.com>
Date: Wed, 2 Jul 2025 20:19:32 +0200
Subject: [PATCH] allow wildcard in cors allowed domains

---
 web-api/src/main.rs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/web-api/src/main.rs b/web-api/src/main.rs
index ddbab76..6fd8cf1 100644
--- a/web-api/src/main.rs
+++ b/web-api/src/main.rs
@@ -63,7 +63,13 @@ async fn main() -> Result<()> {
     HttpServer::new(move || {
         let cors = allowed_cors
             .iter()
-            .fold(Cors::default(), |cors, domain| cors.allowed_origin(domain))
+            .fold(Cors::default(), |cors, domain| {
+                if domain == "*" {
+                    cors.allow_any_origin()
+                } else {
+                    cors.allowed_origin(domain)
+                }
+            })
             .send_wildcard()
             .allow_any_method()
             .allow_any_header()