mirror of
https://github.com/neon-mmd/websurfx.git
synced 2024-12-22 12:28:21 -05:00
Merge pull request #174 from neon-mmd/patch-csrf-security-with-cors
🛠️ Provide CORS protection against CSRF attacks
This commit is contained in:
commit
a5b7d08dc6
30
Cargo.lock
generated
30
Cargo.lock
generated
@ -19,6 +19,21 @@ dependencies = [
|
||||
"tracing",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "actix-cors"
|
||||
version = "0.6.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b340e9cfa5b08690aae90fb61beb44e9b06f44fe3d0f93781aaa58cfba86245e"
|
||||
dependencies = [
|
||||
"actix-utils",
|
||||
"actix-web",
|
||||
"derive_more",
|
||||
"futures-util",
|
||||
"log",
|
||||
"once_cell",
|
||||
"smallvec 1.11.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "actix-files"
|
||||
version = "0.6.2"
|
||||
@ -190,7 +205,7 @@ dependencies = [
|
||||
"serde_urlencoded 0.7.1",
|
||||
"smallvec 1.11.0",
|
||||
"socket2",
|
||||
"time 0.3.24",
|
||||
"time 0.3.25",
|
||||
"url 2.4.0",
|
||||
]
|
||||
|
||||
@ -583,7 +598,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "e859cd57d0710d9e06c381b550c06e76992472a8c6d527aecd2fc673dcc231fb"
|
||||
dependencies = [
|
||||
"percent-encoding 2.3.0",
|
||||
"time 0.3.24",
|
||||
"time 0.3.25",
|
||||
"version_check",
|
||||
]
|
||||
|
||||
@ -801,9 +816,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "deranged"
|
||||
version = "0.3.6"
|
||||
version = "0.3.7"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8810e7e2cf385b1e9b50d68264908ec367ba642c96d02edfe61c39e88e2a3c01"
|
||||
checksum = "7684a49fb1af197853ef7b2ee694bc1f5b4179556f1e5710e1760c5db6f5e929"
|
||||
|
||||
[[package]]
|
||||
name = "derive_more"
|
||||
@ -3000,9 +3015,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "time"
|
||||
version = "0.3.24"
|
||||
version = "0.3.25"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b79eabcd964882a646b3584543ccabeae7869e9ac32a46f6f22b7a5bd405308b"
|
||||
checksum = "b0fdd63d58b18d663fbdf70e049f00a22c8e42be082203be7f26589213cd75ea"
|
||||
dependencies = [
|
||||
"deranged",
|
||||
"itoa 1.0.9",
|
||||
@ -3519,8 +3534,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "websurfx"
|
||||
version = "0.16.0"
|
||||
version = "0.16.1"
|
||||
dependencies = [
|
||||
"actix-cors",
|
||||
"actix-files",
|
||||
"actix-web",
|
||||
"async-trait",
|
||||
|
@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "websurfx"
|
||||
version = "0.16.0"
|
||||
version = "0.16.1"
|
||||
edition = "2021"
|
||||
description = "An open-source alternative to Searx that provides clean, ad-free, and organic results with incredible speed while keeping privacy and security in mind."
|
||||
repository = "https://github.com/neon-mmd/websurfx"
|
||||
@ -14,6 +14,7 @@ handlebars = { version = "4.3.6", features = ["dir_source"] }
|
||||
scraper = {version="*"}
|
||||
actix-web = {version="4.3.1", features = ["cookies"]}
|
||||
actix-files = {version="0.6.2"}
|
||||
actix-cors = {version="0.6.4"}
|
||||
serde_json = {version="*"}
|
||||
fake-useragent = {version="*"}
|
||||
env_logger = {version="0.10.0"}
|
||||
|
14
src/lib.rs
14
src/lib.rs
@ -12,8 +12,9 @@ use std::net::TcpListener;
|
||||
|
||||
use crate::server::routes;
|
||||
|
||||
use actix_cors::Cors;
|
||||
use actix_files as fs;
|
||||
use actix_web::{dev::Server, middleware::Logger, web, App, HttpServer};
|
||||
use actix_web::{dev::Server, http::header, middleware::Logger, web, App, HttpServer};
|
||||
use config::parser::Config;
|
||||
use handlebars::Handlebars;
|
||||
use handler::public_paths::public_path;
|
||||
@ -52,9 +53,20 @@ pub fn run(listener: TcpListener, config: Config) -> std::io::Result<Server> {
|
||||
let cloned_config_threads_opt: u8 = config.threads;
|
||||
|
||||
let server = HttpServer::new(move || {
|
||||
let cors: Cors = Cors::default()
|
||||
.allow_any_origin()
|
||||
.allowed_methods(vec!["GET"])
|
||||
.allowed_headers(vec![
|
||||
header::ORIGIN,
|
||||
header::CONTENT_TYPE,
|
||||
header::REFERER,
|
||||
header::COOKIE,
|
||||
]);
|
||||
|
||||
App::new()
|
||||
.app_data(handlebars_ref.clone())
|
||||
.app_data(web::Data::new(config.clone()))
|
||||
.wrap(cors)
|
||||
.wrap(Logger::default()) // added logging middleware for logging.
|
||||
// Serve images and static files (css and js files).
|
||||
.service(
|
||||
|
Loading…
Reference in New Issue
Block a user