allow wildcard in cors allowed domains

2025-07-02 12:11:18 +02:00
1 changed files with 7 additions and 1 deletions
--- a/web-api/src/main.rs
+++ b/web-api/src/main.rs
@ -63,7 +63,13 @@ async fn main() -> Result<()> {
    HttpServer::new(move || {
        let cors = allowed_cors
            .iter()
-            .fold(Cors::default(), |cors, domain| cors.allowed_origin(domain))
+            .fold(Cors::default(), |cors, domain| {
+                if domain == "*" {
+                    cors.allow_any_origin()
+                } else {
+                    cors.allowed_origin(domain)
+                }
+            })
            .send_wildcard()
            .allow_any_method()
            .allow_any_header()