Block POST requests from unknown origins

src/main.rs

@@ -62,11 +62,12 @@ async fn main() -> std::io::Result<()> {
     let users_actor = UsersActor::new(users).start();
 
     log::info!("Server will listen on {}", config.listen_address);
+    let listen_address = config.listen_address.to_string();
 
     HttpServer::new(move || {
         let policy = CookieIdentityPolicy::new(config.token_key.as_bytes())
             .name(SESSION_COOKIE_NAME)
-            .secure(config.secure_auth_cookie)
+            .secure(config.secure_cookie())
             .visit_deadline(Duration::seconds(MAX_INACTIVITY_DURATION))
             .login_deadline(Duration::seconds(MAX_SESSION_DURATION))
             .same_site(SameSite::Strict);
@@ -74,6 +75,7 @@ async fn main() -> std::io::Result<()> {
 
         App::new()
             .app_data(web::Data::new(users_actor.clone()))
+            .app_data(web::Data::new(config.clone()))
 
             .wrap(Logger::default())
             .wrap(AuthMiddleware {})
@@ -92,7 +94,7 @@ async fn main() -> std::io::Result<()> {
             // Logout page
             .route("/logout", web::get().to(logout_route))
     })
-        .bind(config.listen_address)?
+        .bind(listen_address)?
         .run()
         .await
 }