rust/neon
1
0
Fork 0
mirror of https://github.com/neondatabase/neon.git synced 2026-05-22 15:41:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

add vary: origin header when needed

Browse Source
This commit is contained in:
Ruslan Talpa
2025-07-31 16:34:53 +03:00
parent d96cea1917
commit 1474af4845
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
proxy/src/serverless/rest.rs
View File

@@ -8,7 +8,7 @@ use http::Method;
use http::header::{
ACCESS_CONTROL_ALLOW_HEADERS, ACCESS_CONTROL_ALLOW_METHODS, ACCESS_CONTROL_ALLOW_ORIGIN,
ACCESS_CONTROL_EXPOSE_HEADERS, ACCESS_CONTROL_MAX_AGE, ACCESS_CONTROL_REQUEST_HEADERS, ALLOW,
AUTHORIZATION, CONTENT_TYPE, HOST, ORIGIN,
AUTHORIZATION, CONTENT_TYPE, HOST, ORIGIN, VARY,
};
use http_body_util::combinators::BoxBody;
use http_body_util::{BodyExt, Empty, Full};
@@ -81,6 +81,7 @@ const ACCESS_CONTROL_EXPOSE_HEADERS_VALUE: HeaderValue = HeaderValue::from_stati
"Content-Encoding, Content-Location, Content-Range, Content-Type, Date, Location, Server, Transfer-Encoding, Range-Unit",
);
const ACCESS_CONTROL_ALLOW_HEADERS_VALUE: HeaderValue = HeaderValue::from_static("Authorization");
const ACCESS_CONTROL_VARY_VALUE: HeaderValue = HeaderValue::from_static("Origin");
// A wrapper around the DbSchema that allows for self-referencing
#[self_referencing]
@@ -763,6 +764,9 @@ fn apply_common_cors_headers(
);
if let Some(origin) = response_allow_origin {
h.insert(ACCESS_CONTROL_ALLOW_ORIGIN, origin);
if origin != HEADER_VALUE_ALLOW_ALL_ORIGINS {
h.insert(VARY, ACCESS_CONTROL_VARY_VALUE);
}
}
}
}