Merge pull request #30 from Manta-Network/cors-release-check

feat: add unsafe CORS disable feature for dev
Manta-Network · Dec 20, 2021 · bd3626f · bd3626f
2 parents 6df2c6e + 2c75be7
commit bd3626f
Show file tree

Hide file tree

Showing 6 changed files with 142 additions and 83 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -24,10 +24,14 @@ is-it-maintained-issue-resolution = { repository = "Manta-Network/manta-signer"
 is-it-maintained-open-issues = { repository = "Manta-Network/manta-signer" }
 maintenance = { status = "actively-developed" }
 
+[features]
+# Disable CORS Check
+unsafe-disable-cors = []
+
 [dependencies]
 ark-serialize = { version = "0.3.0", default-features = false }
 async-std = { version = "1.10.0" }
-bip0039 = { version = "0.9.0" }
+bip0039 = { version = "0.10.0" }
 bip32 = { version = "0.2.2" }
 bs58 = { version = "0.4.0" }
 cocoon = { version = "0.3.0" }
@@ -43,7 +47,7 @@ manta-data = { git = "https://github.com/Manta-Network/manta-types", branch = "m
 rand = { version = "0.8.4", default-features = false }
 rand_chacha = { version = "0.3.1", default-features = false }
 secrecy = { version = "0.8.0", default-features = false, features = ["alloc"] }
-serde = { version = "1.0.130", default-features = false, features = ["derive"] }
+serde = { version = "1.0.131", default-features = false, features = ["derive"] }
 serde_json = { version = "1.0.68", default-features = false }
 subtle = { version = "2.4.1" }
 tide = { version = "0.16.0" }

diff --git a/release.sh b/release.sh
@@ -41,8 +41,8 @@ EOF
 
 # curl ...
 # mv *.bin ui
-# cd ui
-# cargo tauri build --bundle dmg deb msi
+cd ui
+cargo tauri build
 
 echo "release"
 
diff --git a/src/config.rs b/src/config.rs
@@ -57,11 +57,8 @@ pub struct Config {
     /// Service URL
     pub service_url: String,
 
-    /// Dev origin URL
-    pub dev_origin_url: String,
-
-    /// Prod origin URL
-    pub prod_origin_url: String,
+    /// Origin URL
+    pub origin_url: String,
 }
 
 impl Config {
@@ -72,8 +69,10 @@ impl Config {
             root_seed_file: file(dirs_next::config_dir(), "root_seed.aes")?,
             proving_key_directory: directory(dirs_next::data_local_dir())?,
             service_url: String::from("http://127.0.0.1:29987"),
-            dev_origin_url: String::from("http://localhost:8000"),
-            prod_origin_url: String::from("https://app.dolphin.manta.network"),
+            #[cfg(feature = "unsafe-disable-cors")]
+            origin_url: String::from("*"),
+            #[cfg(not(feature = "unsafe-disable-cors"))]
+            origin_url: String::from("https://app.dolphin.manta.network"),
         })
     }
 

diff --git a/src/service.rs b/src/service.rs
@@ -312,15 +312,9 @@ where
     /// Builds a new [`Service`] from `config` and `authorizer`.
     #[inline]
     pub fn build(config: Config, authorizer: A) -> Self {
-        // FIXME: This is not the best strategy for choosing which URL we want.
-        #[cfg(debug_assertions)]
-        let url = config.dev_origin_url.as_str();
-        #[cfg(not(debug_assertions))]
-        let url = config.prod_origin_url.as_str();
-
         let cors = CorsMiddleware::new()
             .allow_methods("GET, POST".parse::<HeaderValue>().unwrap())
-            .allow_origin(Origin::from(url))
+            .allow_origin(Origin::from(config.origin_url.as_str()))
             .allow_credentials(false);
         let mut server = Server::with_state(State::new(config, authorizer));
         server.with(cors);