fix: add cors headers to auth routes

2026-01-10 16:35:37 +01:00 · 2025-06-30 14:22:28 -07:00
parent 7aecdc667d
commit 48c42e6260
1 changed files with 10 additions and 5 deletions
--- a/crates/cdk-axum/src/lib.rs
+++ b/crates/cdk-axum/src/lib.rs
@@ -142,6 +142,11 @@ async fn cors_middleware(
    req: axum::http::Request<axum::body::Body>,
    next: axum::middleware::Next,
 ) -> Response {
+    #[cfg(feature = "auth")]
+    let allowed_headers = "Content-Type, Clear-auth, Blind-auth";
+    #[cfg(not(feature = "auth"))]
+    let allowed_headers = "Content-Type";
+
    // Handle preflight requests
    if req.method() == axum::http::Method::OPTIONS {
        let mut response = Response::new("".into());
@@ -154,7 +159,7 @@ async fn cors_middleware(
        );
        response.headers_mut().insert(
            "Access-Control-Allow-Headers",
-            "Content-Type".parse().unwrap(),
+            allowed_headers.parse().unwrap(),
        );
        return response;
    }
@@ -171,7 +176,7 @@ async fn cors_middleware(
    );
    response.headers_mut().insert(
        "Access-Control-Allow-Headers",
-        "Content-Type".parse().unwrap(),
+        allowed_headers.parse().unwrap(),
    );

    response
@@ -210,9 +215,7 @@ pub async fn create_mint_router_with_custom_cache(
        .route("/info", get(get_mint_info))
        .route("/restore", post(post_restore));

-    let mint_router = Router::new()
-        .nest("/v1", v1_router)
-        .layer(from_fn(cors_middleware));
+    let mint_router = Router::new().nest("/v1", v1_router);

    #[cfg(feature = "auth")]
    let mint_router = {
@@ -220,6 +223,8 @@ pub async fn create_mint_router_with_custom_cache(
        mint_router.nest("/v1", auth_router)
    };

+    let mint_router = mint_router.layer(from_fn(cors_middleware));
+
    let mint_router = mint_router.with_state(state);

    Ok(mint_router)