fix(labrinth): cors headers on ratelimited (#3189)

Kinda hotfix. Fixes #2591 Fixes #2529
2025-01-31 00:52:13 +01:00 · 2025-01-31 00:52:13 +01:00 · a5427f7287
commit a5427f7287
parent 9180f5c8d0
2 changed files with 10 additions and 0 deletions
--- a/apps/labrinth/src/util/cors.rs
+++ b/apps/labrinth/src/util/cors.rs
@ -1,5 +1,6 @@
 use actix_cors::Cors;

+// Updating this? Remember to update the ratelimit CORS too!
 pub fn default_cors() -> Cors {
    Cors::default()
        .allow_any_origin()
--- a/apps/labrinth/src/util/ratelimit.rs
+++ b/apps/labrinth/src/util/ratelimit.rs
@ -168,6 +168,15 @@ where
                        wait_time.as_secs().into(),
                    );

+                    // TODO: Sentralize CORS in the CORS util.
+                    headers.insert(
+                        actix_web::http::header::HeaderName::from_str(
+                            "Access-Control-Allow-Origin",
+                        )
+                        .unwrap(),
+                        "*".parse().unwrap(),
+                    );
+
                    Box::pin(async {
                        Ok(req.into_response(response.map_into_right_body()))
                    })