Merge pull request #174 from neon-mmd/patch-csrf-security-with-cors
🛠️ Provide CORS protection against CSRF attacks
commit
a5b7d08dc6
30
Cargo.lock
generated
30
Cargo.lock
generated
@ -19,6 +19,21 @@ dependencies = [
|
|||||||
"tracing",
|
"tracing",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "actix-cors"
|
||||||
|
version = "0.6.4"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "b340e9cfa5b08690aae90fb61beb44e9b06f44fe3d0f93781aaa58cfba86245e"
|
||||||
|
dependencies = [
|
||||||
|
"actix-utils",
|
||||||
|
"actix-web",
|
||||||
|
"derive_more",
|
||||||
|
"futures-util",
|
||||||
|
"log",
|
||||||
|
"once_cell",
|
||||||
|
"smallvec 1.11.0",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "actix-files"
|
name = "actix-files"
|
||||||
version = "0.6.2"
|
version = "0.6.2"
|
||||||
@ -190,7 +205,7 @@ dependencies = [
|
|||||||
"serde_urlencoded 0.7.1",
|
"serde_urlencoded 0.7.1",
|
||||||
"smallvec 1.11.0",
|
"smallvec 1.11.0",
|
||||||
"socket2",
|
"socket2",
|
||||||
"time 0.3.24",
|
"time 0.3.25",
|
||||||
"url 2.4.0",
|
"url 2.4.0",
|
||||||
]
|
]
|
||||||
|
|
||||||
@ -583,7 +598,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
|||||||
checksum = "e859cd57d0710d9e06c381b550c06e76992472a8c6d527aecd2fc673dcc231fb"
|
checksum = "e859cd57d0710d9e06c381b550c06e76992472a8c6d527aecd2fc673dcc231fb"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"percent-encoding 2.3.0",
|
"percent-encoding 2.3.0",
|
||||||
"time 0.3.24",
|
"time 0.3.25",
|
||||||
"version_check",
|
"version_check",
|
||||||
]
|
]
|
||||||
|
|
||||||
@ -801,9 +816,9 @@ dependencies = [
|
|||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "deranged"
|
name = "deranged"
|
||||||
version = "0.3.6"
|
version = "0.3.7"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "8810e7e2cf385b1e9b50d68264908ec367ba642c96d02edfe61c39e88e2a3c01"
|
checksum = "7684a49fb1af197853ef7b2ee694bc1f5b4179556f1e5710e1760c5db6f5e929"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "derive_more"
|
name = "derive_more"
|
||||||
@ -3000,9 +3015,9 @@ dependencies = [
|
|||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "time"
|
name = "time"
|
||||||
version = "0.3.24"
|
version = "0.3.25"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "b79eabcd964882a646b3584543ccabeae7869e9ac32a46f6f22b7a5bd405308b"
|
checksum = "b0fdd63d58b18d663fbdf70e049f00a22c8e42be082203be7f26589213cd75ea"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"deranged",
|
"deranged",
|
||||||
"itoa 1.0.9",
|
"itoa 1.0.9",
|
||||||
@ -3519,8 +3534,9 @@ dependencies = [
|
|||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "websurfx"
|
name = "websurfx"
|
||||||
version = "0.16.0"
|
version = "0.16.1"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
"actix-cors",
|
||||||
"actix-files",
|
"actix-files",
|
||||||
"actix-web",
|
"actix-web",
|
||||||
"async-trait",
|
"async-trait",
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
[package]
|
[package]
|
||||||
name = "websurfx"
|
name = "websurfx"
|
||||||
version = "0.16.0"
|
version = "0.16.1"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
description = "An open-source alternative to Searx that provides clean, ad-free, and organic results with incredible speed while keeping privacy and security in mind."
|
description = "An open-source alternative to Searx that provides clean, ad-free, and organic results with incredible speed while keeping privacy and security in mind."
|
||||||
repository = "https://github.com/neon-mmd/websurfx"
|
repository = "https://github.com/neon-mmd/websurfx"
|
||||||
@ -14,6 +14,7 @@ handlebars = { version = "4.3.6", features = ["dir_source"] }
|
|||||||
scraper = {version="*"}
|
scraper = {version="*"}
|
||||||
actix-web = {version="4.3.1", features = ["cookies"]}
|
actix-web = {version="4.3.1", features = ["cookies"]}
|
||||||
actix-files = {version="0.6.2"}
|
actix-files = {version="0.6.2"}
|
||||||
|
actix-cors = {version="0.6.4"}
|
||||||
serde_json = {version="*"}
|
serde_json = {version="*"}
|
||||||
fake-useragent = {version="*"}
|
fake-useragent = {version="*"}
|
||||||
env_logger = {version="0.10.0"}
|
env_logger = {version="0.10.0"}
|
||||||
|
14
src/lib.rs
14
src/lib.rs
@ -12,8 +12,9 @@ use std::net::TcpListener;
|
|||||||
|
|
||||||
use crate::server::routes;
|
use crate::server::routes;
|
||||||
|
|
||||||
|
use actix_cors::Cors;
|
||||||
use actix_files as fs;
|
use actix_files as fs;
|
||||||
use actix_web::{dev::Server, middleware::Logger, web, App, HttpServer};
|
use actix_web::{dev::Server, http::header, middleware::Logger, web, App, HttpServer};
|
||||||
use config::parser::Config;
|
use config::parser::Config;
|
||||||
use handlebars::Handlebars;
|
use handlebars::Handlebars;
|
||||||
use handler::public_paths::public_path;
|
use handler::public_paths::public_path;
|
||||||
@ -52,9 +53,20 @@ pub fn run(listener: TcpListener, config: Config) -> std::io::Result<Server> {
|
|||||||
let cloned_config_threads_opt: u8 = config.threads;
|
let cloned_config_threads_opt: u8 = config.threads;
|
||||||
|
|
||||||
let server = HttpServer::new(move || {
|
let server = HttpServer::new(move || {
|
||||||
|
let cors: Cors = Cors::default()
|
||||||
|
.allow_any_origin()
|
||||||
|
.allowed_methods(vec!["GET"])
|
||||||
|
.allowed_headers(vec![
|
||||||
|
header::ORIGIN,
|
||||||
|
header::CONTENT_TYPE,
|
||||||
|
header::REFERER,
|
||||||
|
header::COOKIE,
|
||||||
|
]);
|
||||||
|
|
||||||
App::new()
|
App::new()
|
||||||
.app_data(handlebars_ref.clone())
|
.app_data(handlebars_ref.clone())
|
||||||
.app_data(web::Data::new(config.clone()))
|
.app_data(web::Data::new(config.clone()))
|
||||||
|
.wrap(cors)
|
||||||
.wrap(Logger::default()) // added logging middleware for logging.
|
.wrap(Logger::default()) // added logging middleware for logging.
|
||||||
// Serve images and static files (css and js files).
|
// Serve images and static files (css and js files).
|
||||||
.service(
|
.service(
|
||||||
|
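Review bot: `.allow_any_origin()` on the new `Cors::default()` builder accepts every origin, so the policy does not restrict which sites may read the GET routes cross-origin. CORS also governs who may read a response rather than whether a cross-site request is sent, so it is a weak basis for the CSRF protection the commit title names. If the intent is to limit callers, replace that call with an explicit allow-list such as `.allowed_origin("<configured-site-origin>")` (placeholder value, one call per permitted origin) and make sure no state-changing route is reachable via GET. Listing `header::COOKIE` in `allowed_headers` probably has no effect, since browsers do not let page scripts set `Cookie` and `supports_credentials()` is not called here; a one-line comment above the builder stating the intended policy would make that choice reviewable. The `HttpServer::new` closure and `run` continue outside the hunk, so the routes this middleware wraps are not visible here.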