Cors: more finegrained allowlist, make it simpler

2023-12-17 10:25:56 +00:00 · 2023-12-17 10:25:56 +00:00 · 55f3b23eed
commit 55f3b23eed
parent 98ce0408f7
7 changed files with 19 additions and 40 deletions
--- a/desktop/src-tauri/src/config.rs
+++ b/desktop/src-tauri/src/config.rs
@ -88,7 +88,6 @@ pub struct RqbitDesktopConfigHttpApi {
    pub disable: bool,
    pub listen_addr: SocketAddr,
    pub read_only: bool,
-    pub cors_enable_all: bool,
 }

 impl Default for RqbitDesktopConfigHttpApi {
@ -97,7 +96,6 @@ impl Default for RqbitDesktopConfigHttpApi {
            disable: Default::default(),
            listen_addr: SocketAddr::V4(SocketAddrV4::new(Ipv4Addr::new(127, 0, 0, 1), 3030)),
            read_only: false,
-            cors_enable_all: true,
        }
    }
 }
--- a/desktop/src-tauri/src/main.rs
+++ b/desktop/src-tauri/src/main.rs
@ -103,7 +103,6 @@ async fn api_from_config(
        let http_api_task = librqbit::http_api::HttpApi::new(
            api.clone(),
            Some(librqbit::http_api::HttpApiOptions {
-                cors_enable_all: config.http_api.cors_enable_all,
                read_only: config.http_api.read_only,
            }),
        )
--- a/desktop/src/configure.tsx
+++ b/desktop/src/configure.tsx
@ -343,15 +343,6 @@ export const ConfigModal: React.FC<{
              help="If enabled, only GET requests will be allowed through the API"
            />

-            <FormCheck
-              label="CORS any"
-              name="http_api.cors_enable_all"
-              checked={config.http_api.cors_enable_all}
-              disabled={config.http_api.disable}
-              onChange={handleToggleChange}
-              help="If enabled, the API will allow Cross Origin requests (including this app)"
-            />
-
            <FormInput
              label="Listen address"
              inputType="text"