From e1a25cdd311c3d606404f7f94549875a2a15e2b3 Mon Sep 17 00:00:00 2001
From: Sarah Vaupel <sarah.vaupel@protonmail.com>
Date: Wed, 17 Apr 2024 02:52:11 +0200
Subject: [PATCH] feat(middleware): allow Cross Origin Resource Sharing (CORS)

---
 package.yaml      |  7 ++++---
 src/Middleware.hs | 16 +++++++++++++++-
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/package.yaml b/package.yaml
index 8e0aeec32..1ea511a11 100644
--- a/package.yaml
+++ b/package.yaml
@@ -21,7 +21,6 @@ dependencies:
   - template-haskell
   - shakespeare
   - monad-control
-  - wai-extra
   - yaml
   - http-conduit
   - directory
@@ -31,7 +30,6 @@ dependencies:
   - conduit
   - monad-logger
   - fast-logger
-  - wai-logger
   - foreign-store
   - file-embed
   - unordered-containers
@@ -40,6 +38,10 @@ dependencies:
   - time
   - case-insensitive
   - wai
+  - wai-cors
+  - wai-extra
+  - wai-logger
+  - wai-middleware-prometheus
   - cryptonite
   - cryptonite-conduit
   - saltine
@@ -144,7 +146,6 @@ dependencies:
   - cookie
   - prometheus-client
   - prometheus-metrics-ghc
-  - wai-middleware-prometheus
   - extended-reals
   - rfc5051
   - unidecode
diff --git a/src/Middleware.hs b/src/Middleware.hs
index e7e697dd7..e08cbbac8 100644
--- a/src/Middleware.hs
+++ b/src/Middleware.hs
@@ -15,6 +15,7 @@ import qualified Data.HashMap.Strict as HashMap
 import Network.HTTP.Types.Header (hSetCookie)
 import Network.Wai (Middleware)
 import qualified Network.Wai as Wai
+import Network.Wai.Middleware.Cors (CorsResourcePolicy(..), cors)
 import Network.Wai.Middleware.RequestLogger ( Destination(Logger)
                                             , IPAddrSource(..)
                                             , OutputFormat(..)
@@ -27,7 +28,7 @@ import Web.Cookie
 makeMiddleware :: MonadIO m => UniWorX -> m Middleware
 makeMiddleware app = do
   logWare <- makeLogWare app
-  return $ observeHTTPRequestLatency classifyHandler . logWare . normalizeCookiesWare . defaultMiddlewaresNoLogging
+  return $ observeHTTPRequestLatency classifyHandler . logWare . normalizeCookiesWare . corsWare . defaultMiddlewaresNoLogging
 
 
 makeLogWare :: MonadIO m => UniWorX -> m Middleware
@@ -84,3 +85,16 @@ normalizeCookiesWare waiApp req res = waiApp req $ \res' -> do
                   if | null others -> (hdr :) <$> go hdrs
                      | otherwise   -> go hdrs
           | otherwise = (hdr :) <$> go hdrs
+
+
+corsWare :: Middleware
+corsWare = cors . const $ Just CorsResourcePolicy
+  { corsOrigins = Nothing
+  , corsMethods = [ "GET", "HEAD", "POST" ]
+  , corsRequestHeaders = []
+  , corsExposedHeaders = Nothing
+  , corsMaxAge = Just 600
+  , corsVaryOrigin = True
+  , corsRequireOrigin = False
+  , corsIgnoreFailures = False
+  }