Merge pull request #491 from AppFlowy-IO/admin-frontend-no-cors

feat: remove cors

admin_frontend/Cargo.toml

@@ -24,7 +24,7 @@ uuid = { version = "1.6", features = ["v4"] }
 dotenvy = "0.15"
 reqwest = "0.11.27"
 tower-service = "0.3"
-tower-http = { version = "0.5", features = ["cors", "fs"] }
+tower-http = { version = "0.5", features = ["fs"] }
 tower = "0.4"
 tracing = "0.1"
 tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] }

admin_frontend/src/main.rs

@@ -9,14 +9,9 @@ mod templates;
 mod web_api;
 mod web_app;
 
-use axum::http::Method;
 use axum::{response::Redirect, routing::get, Router};
 use tokio::net::TcpListener;
-use tower::ServiceBuilder;
-use tower_http::{
-  cors::{Any, CorsLayer},
-  services::ServeDir,
-};
+use tower_http::services::ServeDir;
 use tracing::info;
 
 use crate::config::Config;
@@ -61,19 +56,12 @@ async fn main() {
   let web_app_router = web_app::router(state.clone()).with_state(state.clone());
   let web_api_router = web_api::router().with_state(state);
 
-  let cors = CorsLayer::new()
-    // allow `GET` and `POST` when accessing the resource
-    .allow_methods([Method::GET, Method::POST])
-    // allow requests from any origin
-    .allow_origin(Any);
-
   let app = Router::new()
     .route(
       "/favicon.ico",
       get(|| async { Redirect::permanent("/assets/favicon.ico") }),
     )
     .route("/", get(|| async { Redirect::permanent("/web") }))
-    .layer(ServiceBuilder::new().layer(cors))
     .nest_service("/web", web_app_router)
     .nest_service("/web-api", web_api_router)
     .nest_service("/assets", ServeDir::new("assets"));