From 1b8d4f1ad0b7104dc0876c62118a1ae61dbbf983 Mon Sep 17 00:00:00 2001
From: Markus Wiegand <mail@morphy.dev>
Date: Thu, 31 Aug 2023 13:11:49 +0200
Subject: [PATCH] add cors max age

---
 src/config.rs | 7 +++++++
 src/main.rs   | 4 +++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/config.rs b/src/config.rs
index b35641e..281da01 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -30,6 +30,10 @@ const fn default_health_latency_treshold() -> u64 {
     100
 }
 
+const fn default_cors_max_age() -> u64 {
+    1800
+}
+
 #[derive(Debug, Clone, Deserialize)]
 pub struct AppConfig {
     // HTTP server
@@ -81,8 +85,11 @@ pub struct AppConfig {
     #[serde(default = "default_hibp_check")]
     pub hibp_check: bool,
 
+    // CORS
     #[serde(default, deserialize_with = "deserialize_vec_from_string")]
     pub cors_allowed_origins: Vec<HeaderValue>,
+    #[serde(default = "default_cors_max_age")]
+    pub cors_max_age: u64,
 }
 
 #[derive(Debug, Clone)]
diff --git a/src/main.rs b/src/main.rs
index d5ba37c..105be5e 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -125,7 +125,9 @@ async fn main() -> Result<()> {
         );
 
     let route_config = RouteConfig {
-        cors: CorsLayer::new().allow_origin(app_config.cors_allowed_origins),
+        cors: CorsLayer::new()
+            .allow_origin(app_config.cors_allowed_origins)
+            .max_age(Duration::from_secs(app_config.cors_max_age)),
     };
 
     let svc_routes: Router<()> = services::routes(state, route_config);