mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-24 04:57:00 +01:00
Code Issues Actions 10 Packages Projects Releases Wiki Activity

Allow Authorization header in CORS preflight response (#1831)

Browse source 
This is needed for public clients running as SPAs (like OCIS).
This commit is contained in:
Yuri Iozzelli 2023-07-09 22:53:02 +02:00 committed by GitHub
parent 4b319aa9eb
commit e2d7b53367
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
server/core/src/https/oauth2.rs
View file

@ -6,7 +6,9 @@ use axum::middleware::from_fn;
use axum::response::{IntoResponse, Response}; use axum::response::{IntoResponse, Response};
use axum::routing::{get, post}; use axum::routing::{get, post};
use axum::{Extension, Form, Json, Router}; use axum::{Extension, Form, Json, Router};
use http::header::{ACCESS_CONTROL_ALLOW_ORIGIN, AUTHORIZATION, LOCATION}; use http::header::{
ACCESS_CONTROL_ALLOW_HEADERS, ACCESS_CONTROL_ALLOW_ORIGIN, AUTHORIZATION, LOCATION,
};
use http::{HeaderMap, HeaderValue, StatusCode}; use http::{HeaderMap, HeaderValue, StatusCode};
use hyper::Body; use hyper::Body;
use kanidm_proto::oauth2::AuthorisationResponse; use kanidm_proto::oauth2::AuthorisationResponse;
@ -862,6 +864,7 @@ pub async fn oauth2_preflight_options() -> impl IntoResponse {
Response::builder() Response::builder()
.status(StatusCode::OK) .status(StatusCode::OK)
.header(ACCESS_CONTROL_ALLOW_ORIGIN, "*") .header(ACCESS_CONTROL_ALLOW_ORIGIN, "*")
.header(ACCESS_CONTROL_ALLOW_HEADERS, "Authorization")
.body(Body::empty()) .body(Body::empty())
.unwrap() .unwrap()
} }