From bef8956da6a5392075c1bbc8e5af0695f01b8171 Mon Sep 17 00:00:00 2001 From: neon_arch Date: Thu, 3 Aug 2023 17:44:13 +0300 Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=9B=A0=EF=B8=8F=20fix:=20add=20code?= =?UTF-8?q?=20to=20prevent=20csrf=20attacks=20using=20cors=20(#172)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Cargo.lock | 16 ++++++++++++++++ Cargo.toml | 1 + src/lib.rs | 14 +++++++++++++- 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/Cargo.lock b/Cargo.lock index a0fed7f..eae6360 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -19,6 +19,21 @@ dependencies = [ "tracing", ] +[[package]] +name = "actix-cors" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b340e9cfa5b08690aae90fb61beb44e9b06f44fe3d0f93781aaa58cfba86245e" +dependencies = [ + "actix-utils", + "actix-web", + "derive_more", + "futures-util", + "log", + "once_cell", + "smallvec 1.11.0", +] + [[package]] name = "actix-files" version = "0.6.2" @@ -3520,6 +3535,7 @@ dependencies = [ name = "websurfx" version = "0.15.3" dependencies = [ + "actix-cors", "actix-files", "actix-web", "async-trait", diff --git a/Cargo.toml b/Cargo.toml index c856b7d..b258f29 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,6 +14,7 @@ handlebars = { version = "4.3.6", features = ["dir_source"] } scraper = {version="*"} actix-web = {version="4.3.1", features = ["cookies"]} actix-files = {version="0.6.2"} +actix-cors = {version="0.6.4"} serde_json = {version="*"} fake-useragent = {version="*"} env_logger = {version="0.10.0"} diff --git a/src/lib.rs b/src/lib.rs index e226e14..c14021e 100644 --- a/src/lib.rs +++ b/src/lib.rs 
@@ -12,8 +12,9 @@ use std::net::TcpListener; use crate::server::routes; +use actix_cors::Cors; use actix_files as fs; -use actix_web::{dev::Server, middleware::Logger, web, App, HttpServer}; +use actix_web::{dev::Server, http::header, middleware::Logger, web, App, HttpServer}; use config::parser::Config; use handlebars::Handlebars; use handler::public_paths::public_path; @@ -50,9 +51,20 @@ pub fn run(listener: TcpListener, config: Config) -> std::io::Result { let handlebars_ref: web::Data = web::Data::new(handlebars); let server = HttpServer::new(move || { + let cors: Cors = Cors::default() + .allow_any_origin() + .allowed_methods(vec!["GET"]) + .allowed_headers(vec![ + header::ORIGIN, + header::CONTENT_TYPE, + header::REFERER, + header::COOKIE, + ]); + App::new() .app_data(handlebars_ref.clone()) .app_data(web::Data::new(config.clone())) + .wrap(cors) .wrap(Logger::default()) // added logging middleware for logging. // Serve images and static files (css and js files). .service( From cad5307b827859e4d060018eaf91922b84f9bf62 Mon Sep 17 00:00:00 2001 From: neon_arch Date: Thu, 3 Aug 2023 18:22:51 +0300 Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=9A=80=20chore:=20bump=20the=20app=20?= =?UTF-8?q?version?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Cargo.lock | 39 ++++++++++++++++++++------------------- Cargo.toml | 2 +- 2 files changed, 21 insertions(+), 20 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index eae6360..4e2688a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -205,7 +205,7 @@ dependencies = [ "serde_urlencoded 0.7.1", "smallvec 1.11.0", "socket2", - "time 0.3.24", + "time 0.3.25", "url 2.4.0", ] 
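Review bot: `allow_any_origin()` in the new `Cors` builder in `run` accepts every `Origin`, so this policy does not restrict cross-origin callers and does not provide the CSRF protection the commit subject describes. CORS response headers decide whether a browser lets a cross-origin script read a response; they do not stop a cross-site request from reaching the handlers, so any state-changing route still needs its own defence, such as a per-request token or a SameSite cookie attribute. If the aim is to limit which sites may read results, replace the wildcard with the instance's own origin, e.g. `.allowed_origin("https://<instance-origin>")` (placeholder; presumably derived from `config`). Listing `header::COOKIE` in `allowed_headers` looks unnecessary, since browsers do not let scripts set that header. The body of `run` continues past the end of this hunk, so later middleware and routes are not visible here.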
@@ -475,11 +475,12 @@ checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" [[package]] name = "cc" -version = "1.0.79" +version = "1.0.81" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f" +checksum = "6c6b2562119bf28c3439f7f02db99faf0aa1a8cdfe5772a2ee155d32227239f0" dependencies = [ "jobserver", + "libc", ] [[package]] @@ -597,7 +598,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e859cd57d0710d9e06c381b550c06e76992472a8c6d527aecd2fc673dcc231fb" dependencies = [ "percent-encoding 2.3.0", - "time 0.3.24", + "time 0.3.25", "version_check", ] @@ -815,9 +816,9 @@ dependencies = [ [[package]] name = "deranged" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8810e7e2cf385b1e9b50d68264908ec367ba642c96d02edfe61c39e88e2a3c01" +checksum = "7684a49fb1af197853ef7b2ee694bc1f5b4179556f1e5710e1760c5db6f5e929" [[package]] name = "derive_more" @@ -1927,9 +1928,9 @@ checksum = "9b2a4787296e9989611394c33f193f676704af1686e70b8f8033ab5ba9a35a94" [[package]] name = "pest" -version = "2.7.1" +version = "2.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d2d1d55045829d65aad9d389139882ad623b33b904e7c9f1b10c5b8927298e5" +checksum = "1acb4a4365a13f749a93f1a094a7805e5cfa0955373a9de860d962eaa3a5fe5a" dependencies = [ "thiserror", "ucd-trie", @@ -1937,9 +1938,9 @@ dependencies = [ [[package]] name = "pest_derive" -version = "2.7.1" +version = "2.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f94bca7e7a599d89dea5dfa309e217e7906c3c007fb9c3299c40b10d6a315d3" +checksum = "666d00490d4ac815001da55838c500eafb0320019bbaa44444137c48b443a853" dependencies = [ "pest", "pest_generator", 
@@ -1947,9 +1948,9 @@ dependencies = [ [[package]] name = "pest_generator" -version = "2.7.1" +version = "2.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99d490fe7e8556575ff6911e45567ab95e71617f43781e5c05490dc8d75c965c" +checksum = "68ca01446f50dbda87c1786af8770d535423fa8a53aec03b8f4e3d7eb10e0929" dependencies = [ "pest", "pest_meta", @@ -1960,9 +1961,9 @@ dependencies = [ [[package]] name = "pest_meta" -version = "2.7.1" +version = "2.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2674c66ebb4b4d9036012091b537aae5878970d6999f81a265034d85b136b341" +checksum = "56af0a30af74d0445c0bf6d9d051c979b516a1a5af790d251daee76005420a48" dependencies = [ "once_cell", "pest", @@ -2538,9 +2539,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.4" +version = "0.38.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a962918ea88d644592894bc6dc55acc6c0956488adcebbfb6e273506b7fd6e5" +checksum = "1ee020b1716f0a80e2ace9b03441a749e402e86712f15f16fe8a8f75afac732f" dependencies = [ "bitflags 2.3.3", "errno", @@ -3014,9 +3015,9 @@ dependencies = [ [[package]] name = "time" -version = "0.3.24" +version = "0.3.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b79eabcd964882a646b3584543ccabeae7869e9ac32a46f6f22b7a5bd405308b" +checksum = "b0fdd63d58b18d663fbdf70e049f00a22c8e42be082203be7f26589213cd75ea" dependencies = [ "deranged", "itoa 1.0.9", @@ -3533,7 +3534,7 @@ dependencies = [ [[package]] name = "websurfx" -version = "0.15.3" +version = "0.16.1" dependencies = [ "actix-cors", "actix-files", diff --git a/Cargo.toml b/Cargo.toml index b258f29..bec4799 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -1,6 +1,6 @@ [package] name = "websurfx" -version = "0.15.3" +version = "0.16.1" edition = "2021" description = "An open-source alternative to Searx that provides clean, ad-free, and organic results with incredible speed while keeping privacy and security in mind." repository = "https://github.com/neon-mmd/websurfx"