3 files changed, 23 insertions, 3 deletions

diff --git a/extra/example_config.toml b/extra/example_config.toml
index 1baa536..dab2d7d 100644
--- a/extra/example_config.toml
+++ b/extra/example_config.toml
@@ -2,6 +2,7 @@
 bind_addr = "127.0.0.1:9292"
 upstream_addr = "127.0.0.1:9200"
 unsafe_all_indices = false
+enable_cors = true
 
 # Index-level configuration
 [[index]]
diff --git a/src/lib.rs b/src/lib.rs
index b4c6d6a..75afbc5 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -11,6 +11,7 @@ pub struct ProxyConfig {
     pub bind_addr: Option<String>,     // 127.0.0.1:9292
     pub upstream_addr: Option<String>, // 127.0.0.1:9200
     pub unsafe_all_indices: Option<bool>,
+    pub enable_cors: Option<bool>,
     pub index: Vec<IndexConfig>,
 }
 
diff --git a/src/main.rs b/src/main.rs
index a1e8c5b..5f6b574 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,5 +1,5 @@
 use hyper::service::{make_service_fn, service_fn};
-use hyper::{Body, Client, Request, Response, Server, StatusCode};
+use hyper::{Body, Client, Request, Response, Server, StatusCode, header::HeaderValue};
 use std::env;
 use std::net::SocketAddr;
 use toml;
@@ -15,9 +15,9 @@ async fn upstream_req(
     req: Request<Body>,
     config: ProxyConfig,
 ) -> Result<Response<Body>, hyper::Error> {
-    info!("hit: {}", req.uri());
+    info!("request: {} {}", req.method(), req.uri());
     let parsed = filter_request(req, &config).await;
-    let resp = match parsed {
+    let mut resp = match parsed {
         Ok(upstream_req) => {
             debug!("sending request...");
             Client::new().request(upstream_req).await?
@@ -28,6 +28,24 @@ async fn upstream_req(
             .body(serde_json::to_string(&other.to_json()).unwrap().into())
             .unwrap(),
     };
+    resp.headers_mut().insert(
+        "Via",
+        HeaderValue::from_static("es-public-proxy"),
+    );
+    if config.enable_cors == Some(true) {
+        resp.headers_mut().insert(
+            "Access-Control-Allow-Origin",
+            HeaderValue::from_static("*"),
+        );
+        resp.headers_mut().insert(
+            "Access-Control-Allow-Origin",
+            HeaderValue::from_static("GET, POST, DELETE, HEAD, OPTIONS"),
+        );
+        resp.headers_mut().insert(
+            "Access-Control-Allow-Headers",
+            HeaderValue::from_static("DNT,User-Agent,Content-Type"),
+        );
+    }
     debug!("resp!");
     Ok(resp)
 }