From 283510e7dd4a094965ee941b473d53c3a6e85d36 Mon Sep 17 00:00:00 2001
From: Angela Chan
Date: Mon, 24 Apr 2023 08:43:49 +0200
Subject: [PATCH 1/4] fix: Include Authorization and Accept in CORs allowed headers
---
 src/srv/server.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/srv/server.rs b/src/srv/server.rs
index 76216e898..d1522aec0 100755
--- a/src/srv/server.rs
+++ b/src/srv/server.rs
@@ -422,7 +422,8 @@ pub fn new_server(config: SrvConfig, sources: Sources) -> crate::Result<(Server,
 let cors_middleware = Cors::default()
 .allow_any_origin()
- .allowed_methods(vec!["GET"]);
+ .allowed_methods(vec!["GET"])
+ .allowed_headers(vec![header::AUTHORIZATION, header::ACCEPT]);
 App::new()
 .app_data(Data::new(state))
From 46aeef323c0d44595b6f971f7ffa47784e0c2279 Mon Sep 17 00:00:00 2001
From: Angela Chan
Date: Mon, 24 Apr 2023 09:33:30 +0200
Subject: [PATCH 2/4] fix: missing imports
---
 src/srv/server.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/srv/server.rs b/src/srv/server.rs
index d1522aec0..51b0f60c8 100755
--- a/src/srv/server.rs
+++ b/src/srv/server.rs
@@ -7,7 +7,8 @@ use actix_http::ContentEncoding;
 use actix_web::dev::Server;
 use actix_web::error::ErrorBadRequest;
 use actix_web::http::header::{
- AcceptEncoding, Encoding as HeaderEnc, HeaderValue, Preference, CACHE_CONTROL, CONTENT_ENCODING,
+ AcceptEncoding, Encoding as HeaderEnc, HeaderValue, Preference, ACCEPT, AUTHORIZATION,
+ CACHE_CONTROL, CONTENT_ENCODING,
 };
 use actix_web::http::Uri;
 use actix_web::middleware::TrailingSlash;
@@ -423,7 +424,7 @@ pub fn new_server(config: SrvConfig, sources: Sources) -> crate::Result<(Server,
 let cors_middleware = Cors::default()
 .allow_any_origin()
 .allowed_methods(vec!["GET"])
- .allowed_headers(vec![header::AUTHORIZATION, header::ACCEPT]);
+ .allowed_headers(vec![AUTHORIZATION, ACCEPT]);
 App::new()
 .app_data(Data::new(state))
From 23cffa5d763c6a3204433c9adfb1d3a5b90c6f95 Mon Sep 17 00:00:00 2001
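Review bot: The CORS builder in the first patch's hunk keeps `.allow_any_origin()` while adding `Authorization` to the allowed request headers, so a page on any origin now passes preflight for a GET that carries an Authorization header and can read the response. Whether that matters depends on whether something in front of or behind this server authenticates on that header, which the hunk does not show; if it does, the origins should come from configuration, one `.allowed_origin(&origin)` call per configured origin, instead of staying open. At the least the builder deserves a comment such as `// Origins are unrestricted on purpose: do not add supports_credentials() here; Authorization is only ever a token the caller already holds.` new_server's body starts and ends outside the hunk, so the surrounding configuration could not be checked.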
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Jun 2023 22:57:31 +0000 Subject: [PATCH 3/4] chore(deps): Bump openssl from 0.10.52 to 0.10.55 (#11) Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.52 to 0.10.55. - [Release notes](https://github.com/sfackler/rust-openssl/releases) - [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.52...openssl-v0.10.55) --- updated-dependencies: - dependency-name: openssl dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4062a094a..5185e48a1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1630,9 +1630,9 @@ checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" [[package]] name = "openssl" -version = "0.10.52" +version = "0.10.55" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01b8574602df80f7b85fdfc5392fa884a4e3b3f4f35402c070ab34c3d3f78d56" +checksum = "345df152bc43501c5eb9e4654ff05f794effb78d4efe3d53abc158baddc0703d" dependencies = [ "bitflags", "cfg-if", @@ -1671,9 +1671,9 @@ dependencies = [ [[package]] name = "openssl-sys" -version = "0.9.87" +version = "0.9.90" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e17f59264b2809d77ae94f0e1ebabc434773f370d6ca667bd223ea10e06cc7e" +checksum = "374533b0e45f3a7ced10fcaeccca020e66656bc03dac384f852e4e5a7a8104a6" dependencies = [ "cc", "libc", From 93a8bbc0a80d0dc0be613dffd120ce14a2b88e35 Mon Sep 17 00:00:00 2001 
From: snyk-bot
Date: Tue, 8 Aug 2023 17:21:03 +0000
Subject: [PATCH 4/4] fix: Dockerfile to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-5776808
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-5776808
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-5788370
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-5788370
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-5821142
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 mode change 100755 => 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
old mode 100755
new mode 100644
index 71ffdf5e8..53922cf9a
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,7 @@ COPY . .
 RUN CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse cargo build --release --features=vendored-openssl
-FROM alpine:latest
+FROM alpine:3.18.3
 LABEL org.opencontainers.image.description="Blazing fast and lightweight tile server with PostGIS, MBTiles, and PMTiles support"
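Review bot: `FROM alpine:3.18.3` pins a tag, and a tag can be re-pushed, so the runtime stage is still not tied to one image; pinning the digest as well closes that: `FROM alpine:3.18.3@sha256:<digest of the 3.18.3 image>` (placeholder, take the value from the registry). The context line above builds with `--features=vendored-openssl`, which suggests the binary links its own OpenSSL rather than the Alpine package. If so, this change fixes the listed Alpine OpenSSL advisories for the image only, while the linked library depends on the crate versions in Cargo.lock; worth confirming. A fixed tag also stops picking up later Alpine patch releases, so it needs a scheduled bump. The mode change from 100755 to 100644 looks incidental to the fix.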