fix: allow cross site access

Cargo.lock

@@ -30,6 +30,7 @@ dependencies = [
  "rand 0.8.5",
  "reqwest",
  "rocket",
+ "rocket_cors",
  "sentry",
  "serde",
  "serde_json",
@@ -2691,6 +2692,23 @@ dependencies = [
  "version_check",
 ]
 
+[[package]]
+name = "rocket_cors"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cfac3a1df83f8d4fc96aa41dba3b86c786417b7fc0f52ec76295df2ba781aa69"
+dependencies = [
+ "http 0.2.12",
+ "log",
+ "regex",
+ "rocket",
+ "serde",
+ "serde_derive",
+ "unicase",
+ "unicase_serde",
+ "url",
+]
+
 [[package]]
 name = "rocket_http"
 version = "0.5.1"
@@ -3860,6 +3878,22 @@ dependencies = [
  "version_check",
 ]
 
+[[package]]
+name = "unicase"
+version = "2.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "75b844d17643ee918803943289730bec8aac480150456169e647ed0b576ba539"
+
+[[package]]
+name = "unicase_serde"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ef53697679d874d69f3160af80bc28de12730a985d57bdf2b47456ccb8b11f1"
+dependencies = [
+ "serde",
+ "unicase",
+]
+
 [[package]]
 name = "unicode-bidi"
 version = "0.3.18"

Cargo.toml

@@ -38,6 +38,7 @@ mii = { path = "./mii" }
 crc32fast = "1.4.2"
 gxhash = "3.4.1"
 sentry = "0.38.0"
+rocket_cors = "0.6.0"
 
 juniper = { version =  "0.16.1", features = ["chrono"] }
 juniper_rocket = "0.9.0"

src/main.rs

@@ -6,9 +6,10 @@ use dotenvy::dotenv;
 use juniper::{EmptyMutation, EmptySubscription};
 use once_cell::sync::Lazy;
 use rocket::fairing::AdHoc;
-use rocket::http::{ContentType, Header, Status};
+use rocket::http::{ContentType, Header, Method, Status};
 use rocket::{catch, catchers, routes, Request};
 use rocket::response::content::RawXml;
+use rocket_cors::{AllowedOrigins, CorsOptions};
 use sqlx::Postgres;
 use sqlx::postgres::PgPoolOptions;
 use tonic::transport::Server;
@@ -96,12 +97,18 @@ async fn launch() -> _ {
         .connect(&act_database_url).await
         .expect("unable to create pool");
 
-    let graph_pool = PgPoolOptions::new()
+    let cors = CorsOptions::default()
-        .max_connections(5)
+        .allowed_origins(AllowedOrigins::All)
-        .connect(&act_database_url).await
+        .allowed_methods(
-        .expect("unable to create pool");
+            vec![Method::Get, Method::Post, Method::Patch]
+                .into_iter()
+                .map(From::from)
+                .collect(),
+        )
+        .allow_credentials(true);
 
     rocket::build()
+        .attach(cors.to_cors().unwrap())
         .manage(pool)
         .manage(Schema::new(
             Query,