Add a new env var to make the CORS policy permissive

If you want to run the Torrust Index for development with the backend (this repo) and the [frontend](https://github.com/torrust/torrust-index-frontend) you have to uncomment a line in the [router](https://github.com/torrust/torrust-index-backend/blob/develop/src/web/api/v1/routes.rs#L38):

https://github.com/torrust/torrust-index-backend/blob/develop/src/web/api/v1/routes.rs#L38

The `CorsLayer::permissive()` allows the frontend to make requests to the API on a different port.

```rust
/// Add all API routes to the router.
#[allow(clippy::needless_pass_by_value)]
pub fn router(app_data: Arc<AppData>) -> Router {
    // code-review: should we use plural for the resource prefix: `users`, `categories`, `tags`?
    // See: https://stackoverflow.com/questions/6845772/should-i-use-singular-or-plural-name-convention-for-rest-resources

    let v1_api_routes = Router::new()
        .route("/", get(about_page_handler).with_state(app_data.clone()))
        .nest("/user", user::routes::router(app_data.clone()))
        .nest("/about", about::routes::router(app_data.clone()))
        .nest("/category", category::routes::router(app_data.clone()))
        .nest("/tag", tag::routes::router_for_single_resources(app_data.clone()))
        .nest("/tags", tag::routes::router_for_multiple_resources(app_data.clone()))
        .nest("/settings", settings::routes::router(app_data.clone()))
        .nest("/torrent", torrent::routes::router_for_single_resources(app_data.clone()))
        .nest("/torrents", torrent::routes::router_for_multiple_resources(app_data.clone()))
        .nest("/proxy", proxy::routes::router(app_data.clone()));

    Router::new()
        .route("/", get(about_page_handler).with_state(app_data))
        .nest(&format!("/{API_VERSION_URL_PREFIX}"), v1_api_routes)
    // For development purposes only.
    //
    //.layer(CorsLayer::permissive()) // Uncomment this line and the `use` import.
    //
    // It allows calling the API on a different port. For example
    // API: http://localhost:3000/v1
    // 
```

More info: https://github.com/torrust/torrust-index-frontend/blob/develop/docs/index.md#run-the-backend

@da2ce7 suggested using an env var to avoid changing the code:

```s
TORRUST_IDX_BACK_CORS_PERMISSIVE=true cargo run
```

Please create a new issue on the [frontend](https://github.com/torrust/torrust-index-frontend) after implementing this issue to change the [documentation](https://github.com/torrust/torrust-index-frontend/blob/develop/docs/index.md#run-the-backend) there.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add a new env var to make the CORS policy permissive #214

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add a new env var to make the CORS policy permissive #214

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions