fix(cors): set url with chrome-extension:// as regex origin

Author: istudyatuni

aw-server/src/endpoints/cors.rs

@@ -3,11 +3,21 @@ use rocket_cors::{AllowedHeaders, AllowedOrigins};
 
 use crate::config::AWConfig;
 
+const CHROME_EXTENSION_PREFIX: &str = "chrome-extension://";
+
 pub fn cors(config: &AWConfig) -> rocket_cors::Cors {
     let root_url = format!("http://127.0.0.1:{}", config.port);
     let root_url_localhost = format!("http://localhost:{}", config.port);
     let mut allowed_exact_origins = vec![root_url, root_url_localhost];
-    allowed_exact_origins.extend(config.cors.clone());
+    // url with chrome-extension:// is parsed by url crate as Opaque, so it
+    // should be used as regex origin
+    allowed_exact_origins.extend(
+        config
+            .cors
+            .clone()
+            .into_iter()
+            .filter(|c| !c.starts_with(CHROME_EXTENSION_PREFIX)),
+    );
 
     if config.testing {
         allowed_exact_origins.push("http://127.0.0.1:27180".to_string());
@@ -22,6 +32,13 @@ pub fn cors(config: &AWConfig) -> rocket_cors::Cors {
     if config.testing {
         allowed_regex_origins.push("chrome-extension://.*".to_string());
     }
+    allowed_regex_origins.extend(
+        config
+            .cors
+            .clone()
+            .into_iter()
+            .filter(|c| c.starts_with(CHROME_EXTENSION_PREFIX)),
+    );
 
     let allowed_origins = AllowedOrigins::some(&allowed_exact_origins, &allowed_regex_origins);
     let allowed_methods = vec![Method::Get, Method::Post, Method::Delete]
@@ -39,5 +56,6 @@ pub fn cors(config: &AWConfig) -> rocket_cors::Cors {
         ..Default::default()
     }
     .to_cors()
+    .inspect_err(|e| log::error!("failed to setup cors: {e}"))
     .expect("Failed to set up CORS")
 }