add cors control

backend/Cargo.toml

@@ -17,7 +17,7 @@ actix-rt = "2"
 actix-web-actors = { version = "4.0.0-beta.6" }
 actix-service = "2.0.0-beta.5"
 actix-identity = "0.4.0-beta.2"
-#actix-cors = "0.5.4"
+actix-cors = "0.6.0-beta.2"
 
 futures = "0.3.15"
 bytes = "1"

backend/src/application.rs

@@ -53,6 +53,7 @@ pub fn run(listener: TcpListener, app_ctx: AppContext) -> Result<Server, std::io
         App::new()
             .wrap(middleware::Logger::default())
             .wrap(identify_service(&domain, &secret))
+            .wrap(crate::middleware::default_cors())
             .wrap(crate::middleware::AuthenticationService)
             .app_data(web::JsonConfig::default().limit(4096))
             .service(ws_scope())

backend/src/middleware/cors_middleware.rs

@@ -0,0 +1,17 @@
+use actix_cors::Cors;
+use actix_web::http;
+use flowy_net::config::HEADER_TOKEN;
+
+// https://javascript.info/fetch-crossorigin#cors-for-safe-requests
+// https://docs.rs/actix-cors/0.5.4/actix_cors/index.html
+// http://www.ruanyifeng.com/blog/2016/04/cors.html
+// Cors short for Cross-Origin Resource Sharing.
+pub fn default_cors() -> Cors {
+    Cors::default() // allowed_origin return access-control-allow-origin: * by default
+        // .allowed_origin("http://127.0.0.1:8080")
+        .send_wildcard()
+        .allowed_methods(vec!["GET", "POST", "PUT", "DELETE"])
+        .allowed_headers(vec![http::header::ACCEPT])
+        .allowed_header(http::header::CONTENT_TYPE)
+        .max_age(3600)
+}

backend/src/middleware/mod.rs

@@ -1,3 +1,5 @@
 mod auth_middleware;
+mod cors_middleware;
 
 pub use auth_middleware::*;
+pub use cors_middleware::*;