Block POST requests from unknown origins
@ -62,11 +62,12 @@ async fn main() -> std::io::Result<()> {
|
||||
let users_actor = UsersActor::new(users).start();
|
||||
|
||||
log::info!("Server will listen on {}", config.listen_address);
|
||||
let listen_address = config.listen_address.to_string();
|
||||
|
||||
HttpServer::new(move || {
|
||||
let policy = CookieIdentityPolicy::new(config.token_key.as_bytes())
|
||||
.name(SESSION_COOKIE_NAME)
|
||||
.secure(config.secure_auth_cookie)
|
||||
.secure(config.secure_cookie())
|
||||
.visit_deadline(Duration::seconds(MAX_INACTIVITY_DURATION))
|
||||
.login_deadline(Duration::seconds(MAX_SESSION_DURATION))
|
||||
.same_site(SameSite::Strict);
|
||||
@ -74,6 +75,7 @@ async fn main() -> std::io::Result<()> {
|
||||
|
||||
App::new()
|
||||
.app_data(web::Data::new(users_actor.clone()))
|
||||
.app_data(web::Data::new(config.clone()))
|
||||
|
||||
.wrap(Logger::default())
|
||||
.wrap(AuthMiddleware {})
|
||||
@ -92,7 +94,7 @@ async fn main() -> std::io::Result<()> {
|
||||
// Logout page
|
||||
.route("/logout", web::get().to(logout_route))
|
||||
})
|
||||
.bind(config.listen_address)?
|
||||
.bind(listen_address)?
|
||||
.run()
|
||||
.await
|
||||
}
|
||||
|
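Review bot: The `.app_data(web::Data::new(config.clone()))` line added ahead of `.wrap(AuthMiddleware {})` has no comment saying what consumes it; going by the commit title it presumably feeds the new origin check, which is not visible in this section. I would add `// Config is read by the request-origin check; if this registration is missing, that check must reject rather than skip` above it, and confirm the consumer fails closed when the data is absent. Separately, `/logout` stays on `web::get()`, so a POST-only origin check does not cover it; `SameSite::Strict` on the session cookie limits the exposure, but a comment should state whether leaving it outside the check is intended. `main` starts above the first hunk, so only part of its body is visible here.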