[IMP] add cors settings

Xavier-Do · Xavier-Do · commit 9c125970fbde · 2026-03-25T10:35:40.000+01:00
diff --git a/aw-server/src/endpoints/cors.rs b/aw-server/src/endpoints/cors.rs
@@ -1,14 +1,40 @@
 use rocket::http::Method;
 use rocket_cors::{AllowedHeaders, AllowedOrigins};
+use aw_datastore::Datastore;
+use std::sync::Mutex;
 
 use crate::config::AWConfig;
 
-pub fn cors(config: &AWConfig) -> rocket_cors::Cors {
+pub fn cors(config: &AWConfig, datastore_mutex: &Mutex<Datastore>) -> rocket_cors::Cors {
     let root_url = format!("http://127.0.0.1:{}", config.port);
     let root_url_localhost = format!("http://localhost:{}", config.port);
     let mut allowed_exact_origins = vec![root_url, root_url_localhost];
     allowed_exact_origins.extend(config.cors.clone());
 
+    let db = datastore_mutex.lock().unwrap();
+    if let Ok(cors_origins_str) = db.get_key_value("settings.cors_origins") {
+
+        let cors_origins: Vec<String> = cors_origins_str
+            .trim_matches('"')
+            .split(',')
+            .map(|s| s.trim().to_string())
+            .filter(|s| !s.is_empty())
+            .filter(|s| {
+            let is_valid = s.starts_with("http://")
+                        || s.starts_with("https://")
+                        || s.starts_with("chrome-extension://")
+                        || s.starts_with("moz-extension://");
+            if !is_valid {
+                log::warn!("Ignoring invalid CORS origin: '{}'", s);
+            }
+            is_valid
+            })
+            .collect();
+        info!("Parsed cors_origins from settings: {:?}", cors_origins);
+        allowed_exact_origins.extend(cors_origins);
+    }
+    drop(db);
+
     if config.testing {
         allowed_exact_origins.push("http://127.0.0.1:27180".to_string());
         allowed_exact_origins.push("http://localhost:27180".to_string());
diff --git a/aw-server/src/endpoints/mod.rs b/aw-server/src/endpoints/mod.rs
@@ -132,7 +132,7 @@ pub fn build_rocket(server_state: ServerState, config: AWConfig) -> rocket::Rock
         "Starting aw-server-rust at {}:{}",
         config.address, config.port
     );
-    let cors = cors::cors(&config);
+    let cors = cors::cors(&config, &server_state.datastore);
     let hostcheck = hostcheck::HostCheck::new(&config);
     let custom_static = config.custom_static.clone();
 
diff --git a/aw-webui b/aw-webui
@@ -1 +1 @@
-Subproject commit cd5aafe2fdc27e621035621d83d9bcae4b587837
+Subproject commit 4bc480489ffd79617384d6179812a26c37ab56cc
