diff --git a/CHANGELOG.md b/CHANGELOG.md index 91aed1fd..dc3bad5e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## [Unreleased] ### Added +- [\#180](https://github.com/Manta-Network/manta-signer/pull/180) Add support for mutliple CORS allowed origins ### Changed diff --git a/src/config.rs b/src/config.rs index 4243af85..c62897a1 100644 --- a/src/config.rs +++ b/src/config.rs @@ -50,10 +50,15 @@ pub struct Config { pub data_path: PathBuf, /// Service URL + /// + /// This URL defines the listening URL for the service. pub service_url: String, - /// Origin URL - pub origin_url: Option, + /// Origin URLs + /// + /// These URLs are the allowed origins that can send requests to the service. An empty list + /// means any origin is allowed to send requests to the service. + pub origin_urls: Vec, } impl Config { @@ -64,9 +69,12 @@ impl Config { data_path: file(dirs_next::config_dir(), "storage.dat")?, service_url: "127.0.0.1:29987".into(), #[cfg(feature = "unsafe-disable-cors")] - origin_url: None, + origin_urls: vec![], #[cfg(not(feature = "unsafe-disable-cors"))] - origin_url: Some("https://app.dolphin.manta.network".into()), + origin_urls: vec![ + "https://app.manta.network".into(), + "https://app.dolphin.manta.network".into(), + ], }) } diff --git a/src/service.rs b/src/service.rs index 3451a0df..ba1f183e 100644 --- a/src/service.rs +++ b/src/service.rs @@ -257,9 +257,10 @@ where let socket_address = config.service_url.parse::()?; let cors = CorsMiddleware::new() .allow_methods("GET, POST".parse::().unwrap()) - .allow_origin(match &config.origin_url { - Some(origin_url) => Origin::from(origin_url.as_str()), - _ => Origin::from("*"), + .allow_origin(if config.origin_urls.is_empty() { + Origin::Any + } else { + Origin::List(config.origin_urls) }) .allow_credentials(false); let mut api = tide::Server::with_state(self);