From 9e9a63a7002d4d4b37b054ba077663e119681f33 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=B6lting=2C=20Moritz=20=28Intern=29?=
 <moritz.holting@dieboldnixdorf.com>
Date: Wed, 2 Jul 2025 12:11:18 +0200
Subject: [PATCH] allow wildcard in cors allowed domains

---
 web-api/src/main.rs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/web-api/src/main.rs b/web-api/src/main.rs
index ddbab76..6fd8cf1 100644
--- a/web-api/src/main.rs
+++ b/web-api/src/main.rs
@@ -63,7 +63,13 @@ async fn main() -> Result<()> {
     HttpServer::new(move || {
         let cors = allowed_cors
             .iter()
-            .fold(Cors::default(), |cors, domain| cors.allowed_origin(domain))
+            .fold(Cors::default(), |cors, domain| {
+                if domain == "*" {
+                    cors.allow_any_origin()
+                } else {
+                    cors.allowed_origin(domain)
+                }
+            })
             .send_wildcard()
             .allow_any_method()
             .allow_any_header()