From d15399793a9a768bd7c9d7c0b5b6be5c6e66105c Mon Sep 17 00:00:00 2001 From: vishalkrishnads <321vishalds@gmail.com> Date: Mon, 5 Aug 2024 15:21:15 +0530 Subject: [PATCH] allow cors based on origin --- src/handlers/mod.rs | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/src/handlers/mod.rs b/src/handlers/mod.rs index 5cf4bfe..c3e4a70 100644 --- a/src/handlers/mod.rs +++ b/src/handlers/mod.rs @@ -41,10 +41,29 @@ pub async fn proxy_anthropic( Ok(response) => { let status = response.status(); let body = response.bytes().await.unwrap_or_default(); - HttpResponse::build(status) - .header("Access-Control-Allow-Origin", "https://zitefy.com") - .header("Access-Control-Allow-Methods", "POST, OPTIONS") - .header("Access-Control-Allow-Headers", "Content-Type, Authorization") + + // Get the Origin header from the incoming request + let origin = req.headers().get("Origin").and_then(|h| h.to_str().ok()); + + // Check if the origin is allowed + let allowed_origin = match origin { + Some("https://zitefy.com") => Some("https://zitefy.com"), + Some("https://www.zitefy.com") => Some("https://www.zitefy.com"), + Some("http://localhost:3000") => Some("https://localhost:3000"), + Some("http://localhost:5000") => Some("https://localhost:5000"), + _ => None, + }; + + let mut builder = HttpResponse::build(status); + + // Set the Access-Control-Allow-Origin header if the origin is allowed + if let Some(allowed) = allowed_origin { + builder.append_header(("Access-Control-Allow-Origin", allowed)); + } + + builder + .append_header(("Access-Control-Allow-Methods", "POST, OPTIONS")) + .append_header(("Access-Control-Allow-Headers", "Content-Type, Authorization")) .body(body) }, Err(e) => HttpResponse::InternalServerError().body(format!("Error: {}", e)),