From c03a1499c8fdbe76cee50b9c4cd7a4d5b0155780 Mon Sep 17 00:00:00 2001
From: DJMrTV <tvnebel@gmail.com>
Date: Fri, 6 Jun 2025 11:53:23 +0200
Subject: [PATCH] fix: allow cross site access

---
 Cargo.lock  | 34 ++++++++++++++++++++++++++++++++++
 Cargo.toml  |  1 +
 src/main.rs | 17 ++++++++++++-----
 3 files changed, 47 insertions(+), 5 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 3efa7c2..c7607ea 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -30,6 +30,7 @@ dependencies = [
  "rand 0.8.5",
  "reqwest",
  "rocket",
+ "rocket_cors",
  "sentry",
  "serde",
  "serde_json",
@@ -2691,6 +2692,23 @@ dependencies = [
  "version_check",
 ]
 
+[[package]]
+name = "rocket_cors"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cfac3a1df83f8d4fc96aa41dba3b86c786417b7fc0f52ec76295df2ba781aa69"
+dependencies = [
+ "http 0.2.12",
+ "log",
+ "regex",
+ "rocket",
+ "serde",
+ "serde_derive",
+ "unicase",
+ "unicase_serde",
+ "url",
+]
+
 [[package]]
 name = "rocket_http"
 version = "0.5.1"
@@ -3860,6 +3878,22 @@ dependencies = [
  "version_check",
 ]
 
+[[package]]
+name = "unicase"
+version = "2.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "75b844d17643ee918803943289730bec8aac480150456169e647ed0b576ba539"
+
+[[package]]
+name = "unicase_serde"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ef53697679d874d69f3160af80bc28de12730a985d57bdf2b47456ccb8b11f1"
+dependencies = [
+ "serde",
+ "unicase",
+]
+
 [[package]]
 name = "unicode-bidi"
 version = "0.3.18"
diff --git a/Cargo.toml b/Cargo.toml
index 492f3da..1a13e1d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -38,6 +38,7 @@ mii = { path = "./mii" }
 crc32fast = "1.4.2"
 gxhash = "3.4.1"
 sentry = "0.38.0"
+rocket_cors = "0.6.0"
 
 juniper = { version =  "0.16.1", features = ["chrono"] }
 juniper_rocket = "0.9.0"
diff --git a/src/main.rs b/src/main.rs
index b893594..dec0b30 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -6,9 +6,10 @@ use dotenvy::dotenv;
 use juniper::{EmptyMutation, EmptySubscription};
 use once_cell::sync::Lazy;
 use rocket::fairing::AdHoc;
-use rocket::http::{ContentType, Header, Status};
+use rocket::http::{ContentType, Header, Method, Status};
 use rocket::{catch, catchers, routes, Request};
 use rocket::response::content::RawXml;
+use rocket_cors::{AllowedOrigins, CorsOptions};
 use sqlx::Postgres;
 use sqlx::postgres::PgPoolOptions;
 use tonic::transport::Server;
@@ -96,12 +97,18 @@ async fn launch() -> _ {
         .connect(&act_database_url).await
         .expect("unable to create pool");
 
-    let graph_pool = PgPoolOptions::new()
-        .max_connections(5)
-        .connect(&act_database_url).await
-        .expect("unable to create pool");
+    let cors = CorsOptions::default()
+        .allowed_origins(AllowedOrigins::All)
+        .allowed_methods(
+            vec![Method::Get, Method::Post, Method::Patch]
+                .into_iter()
+                .map(From::from)
+                .collect(),
+        )
+        .allow_credentials(true);
 
     rocket::build()
+        .attach(cors.to_cors().unwrap())
         .manage(pool)
         .manage(Schema::new(
             Query,