Block POST requests from unknown origins

src/data/app_config.rs

@@ -5,7 +5,7 @@ use clap::Parser;
 use crate::constants::USERS_LIST_FILE;
 
 /// Basic OIDC provider
-#[derive(Parser, Debug)]
+#[derive(Parser, Debug, Clone)]
 #[clap(author, version, about, long_about = None)]
 pub struct AppConfig {
     /// Listen address
@@ -20,12 +20,16 @@ pub struct AppConfig {
     #[clap(short, long, env, default_value = "")]
     pub token_key: String,
 
-    /// Should the auth cookie be secure
-    #[clap(long, env)]
-    pub secure_auth_cookie: bool,
+    /// Website origin
+    #[clap(short, long, env, default_value = "http://localhost:8000")]
+    pub website_origin: String,
 }
 
 impl AppConfig {
+    pub fn secure_cookie(&self) -> bool {
+        self.website_origin.starts_with("https:")
+    }
+
     pub fn storage_path(&self) -> &Path {
         self.storage_path.as_ref()
     }