From d72ef89abbd5e2058f43f5994aa609227a480805 Mon Sep 17 00:00:00 2001
From: Sebastian Pravda <sebastian.pravda@gmail.com>
Date: Thu, 24 Nov 2022 18:58:40 +0100
Subject: [PATCH 1/2] feat: cors headers

---
 api/src/lib.rs | 32 +++++++++++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)

diff --git a/api/src/lib.rs b/api/src/lib.rs
index d5752f4..702f85a 100644
--- a/api/src/lib.rs
+++ b/api/src/lib.rs
@@ -1,9 +1,10 @@
 #[macro_use]
 extern crate rocket;
 
-use rocket::fairing::{self, AdHoc};
+use rocket::fairing::{self, AdHoc, Fairing, Kind, Info};
 
-use rocket::{Build, Rocket};
+use rocket::http::Header;
+use rocket::{Build, Rocket, Request, Response};
 
 use migration::MigratorTrait;
 use sea_orm_rocket::Database;
@@ -19,6 +20,30 @@ use pool::Db;
 pub use entity::candidate;
 pub use entity::candidate::Entity as Candidate;
 
+struct CORS;
+
+#[rocket::async_trait]
+impl Fairing for CORS {
+    fn info(&self) -> Info {
+        Info {
+            name: "Add CORS headers to responses",
+            kind: Kind::Response
+        }
+    }
+
+    async fn on_response<'r>(&self, _request: &'r Request<'_>, response: &mut Response<'r>) {
+        response.set_header(Header::new("Access-Control-Allow-Origin", "http://localhost:5173"));
+        response.set_header(Header::new("Access-Control-Allow-Methods", "POST, GET, OPTIONS"));
+        response.set_header(Header::new("Access-Control-Allow-Headers", "content-type"));
+        response.set_header(Header::new("Access-Control-Allow-Credentials", "true"));
+    }
+}
+
+#[options("/<_..>")]
+fn all_options() {
+    /* Intentionally left empty */
+}
+
 #[get("/hello")]
 async fn hello() -> &'static str {
     "Hello, world!"
@@ -32,10 +57,11 @@ async fn run_migrations(rocket: Rocket<Build>) -> fairing::Result {
 
 pub fn rocket() -> Rocket<Build>{
     rocket::build()
+        .attach(CORS)
         .attach(Db::init())
         .attach(AdHoc::try_on_ignite("Migrations", run_migrations))
         //.mount("/", FileServer::from(relative!("/static")))
-        .mount("/", routes![hello])
+        .mount("/", routes![hello, all_options])
         .mount(
             "/candidate/",
             routes![

From 859b8fbad83b3d59be48a235808c6cb391487f4e Mon Sep 17 00:00:00 2001
From: Sebastian Pravda <sebastian.pravda@gmail.com>
Date: Tue, 29 Nov 2022 09:30:00 +0100
Subject: [PATCH 2/2] feat: set CORS headers on cfg debug only

---
 api/src/lib.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/api/src/lib.rs b/api/src/lib.rs
index 702f85a..777614b 100644
--- a/api/src/lib.rs
+++ b/api/src/lib.rs
@@ -31,12 +31,18 @@ impl Fairing for CORS {
         }
     }
 
+    #[cfg(debug_assertions)]
     async fn on_response<'r>(&self, _request: &'r Request<'_>, response: &mut Response<'r>) {
         response.set_header(Header::new("Access-Control-Allow-Origin", "http://localhost:5173"));
         response.set_header(Header::new("Access-Control-Allow-Methods", "POST, GET, OPTIONS"));
         response.set_header(Header::new("Access-Control-Allow-Headers", "content-type"));
         response.set_header(Header::new("Access-Control-Allow-Credentials", "true"));
     }
+
+    #[cfg(not(debug_assertions))]
+    async fn on_response<'r>(&self, _request: &'r Request<'_>, response: &mut Response<'r>) {
+        // TODO
+    }
 }
 
 #[options("/<_..>")]