Add CORS headers on OpenID configuration endpoint

2025-02-21 11:59:32 +01:00 · 2025-02-21 11:59:32 +01:00 · a73ad4bf41
commit a73ad4bf41
parent 4a248e84ac
2 changed files with 333 additions and 366 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/src/controllers/openid_controller.rs
+++ b/src/controllers/openid_controller.rs
@ -50,37 +50,39 @@ pub async fn get_configuration(req: HttpRequest) -> impl Responder {
        host
    );

-    HttpResponse::Ok().json(OpenIDConfig {
-        issuer: AppConfig::get().website_origin.clone(),
-        authorization_endpoint: AppConfig::get().full_url(AUTHORIZE_URI),
-        token_endpoint: curr_origin.clone() + TOKEN_URI,
-        userinfo_endpoint: Some(curr_origin.clone() + USERINFO_URI),
-        jwks_uri: curr_origin + CERT_URI,
-        scopes_supported: Some(vec![
-            "openid".to_string(),
-            "profile".to_string(),
-            "email".to_string(),
-        ]),
-        response_types_supported: vec![
-            "code".to_string(),
-            "id_token".to_string(),
-            "token id_token".to_string(),
-        ],
-        subject_types_supported: vec!["public".to_string()],
-        id_token_signing_alg_values_supported: vec!["RS256".to_string()],
-        token_endpoint_auth_methods_supported: Some(vec![
-            "client_secret_post".to_string(),
-            "client_secret_basic".to_string(),
-        ]),
-        claims_supported: Some(vec![
-            "sub".to_string(),
-            "name".to_string(),
-            "given_name".to_string(),
-            "family_name".to_string(),
-            "email".to_string(),
-        ]),
-        code_challenge_methods_supported: Some(vec!["plain".to_string(), "S256".to_string()]),
-    })
+    HttpResponse::Ok()
+        .insert_header(("access-control-allow-origin", "*"))
+        .json(OpenIDConfig {
+            issuer: AppConfig::get().website_origin.clone(),
+            authorization_endpoint: AppConfig::get().full_url(AUTHORIZE_URI),
+            token_endpoint: curr_origin.clone() + TOKEN_URI,
+            userinfo_endpoint: Some(curr_origin.clone() + USERINFO_URI),
+            jwks_uri: curr_origin + CERT_URI,
+            scopes_supported: Some(vec![
+                "openid".to_string(),
+                "profile".to_string(),
+                "email".to_string(),
+            ]),
+            response_types_supported: vec![
+                "code".to_string(),
+                "id_token".to_string(),
+                "token id_token".to_string(),
+            ],
+            subject_types_supported: vec!["public".to_string()],
+            id_token_signing_alg_values_supported: vec!["RS256".to_string()],
+            token_endpoint_auth_methods_supported: Some(vec![
+                "client_secret_post".to_string(),
+                "client_secret_basic".to_string(),
+            ]),
+            claims_supported: Some(vec![
+                "sub".to_string(),
+                "name".to_string(),
+                "given_name".to_string(),
+                "family_name".to_string(),
+                "email".to_string(),
+            ]),
+            code_challenge_methods_supported: Some(vec!["plain".to_string(), "S256".to_string()]),
+        })
 }

 #[derive(serde::Deserialize, Debug)]