Browse Source

allowed credentials through cors, fixed panic on no auth

feature/pictrs-v2.5
John Doe 1 year ago
parent
commit
f19951df4f
  1. 2
      server/src/main.rs
  2. 5
      server/src/routes/images.rs

2
server/src/main.rs

@ -99,7 +99,7 @@ async fn main() -> Result<(), LemmyError> {
let cors = Cors::default()
.allow_any_origin()
.send_wildcard()
.supports_credentials()
.allowed_methods(vec!["GET", "POST", "PUT", "OPTIONS"])
.allow_any_header()
.max_age(3600);

5
server/src/routes/images.rs

@ -49,10 +49,9 @@ async fn upload(
) -> Result<HttpResponse, Error> {
// TODO: check rate limit here
let jwt = req
.cookie("jwt")
.expect("No auth header for picture upload");
.cookie("jwt");
if Claims::decode(jwt.value()).is_err() {
if jwt.is_none() || Claims::decode(jwt.unwrap().value()).is_err() {
return Ok(HttpResponse::Unauthorized().finish());
};

Loading…
Cancel
Save