[−][src]Struct actix_cors::Cors
Builder for CorsFactory
middleware.
To construct a CorsFactory
:
- Call
Cors::new()
to start building. - Use any of the builder methods to customize CORS behavior.
- Call
finish()
to retrieve the middleware.
Example
use actix_cors::Cors; use actix_web::http::header; let cors = Cors::new() .allowed_origin("https://www.rust-lang.org") .allowed_methods(vec!["GET", "POST"]) .allowed_headers(vec![header::AUTHORIZATION, header::ACCEPT]) .allowed_header(header::CONTENT_TYPE) .max_age(3600);
Implementations
impl Cors
[src]
pub fn new() -> Cors
[src]
Return a new builder.
pub fn default() -> CorsFactory
[src]
Build a CORS middleware with default settings.
pub fn allowed_origin(self, origin: &str) -> Cors
[src]
Add an origin that is allowed to make requests.
By default, requests from all origins are accepted by CORS logic.
This method allows to specify a finite set of origins to verify the
value of the Origin
request header.
This is the list of origins
in the
Resource Processing Model.
When this list is set, the client's Origin
request header will be
checked in a case-sensitive manner.
When all origins are allowed and send_wildcard
is set, "*" will be
sent in the Access-Control-Allow-Origin
response header.
If send_wildcard
is not set, the client's Origin
request header
will be echoed back in the Access-Control-Allow-Origin
response header.
If the origin of the request doesn't match any allowed origins and at least
one allowed_origin_fn
function is set, these functions will be used
to determinate allowed origins.
Builder panics if supplied origin is not valid uri.
pub fn allowed_origin_fn(self, f: fn(req: &RequestHead) -> bool) -> Cors
[src]
Determinate allowed origins by processing requests which didn't match any origins
specified in the allowed_origin
.
The function will receive a RequestHead
of each request, which can be used
to determine whether it should be allowed or not.
If the function returns true
, the client's Origin
request header will be echoed
back into the Access-Control-Allow-Origin
response header.
pub fn allowed_methods<U, M>(self, methods: U) -> Cors where
U: IntoIterator<Item = M>,
M: TryInto<Method>,
<M as TryInto<Method>>::Error: Into<HttpError>,
[src]
U: IntoIterator<Item = M>,
M: TryInto<Method>,
<M as TryInto<Method>>::Error: Into<HttpError>,
Set a list of methods which allowed origins can perform.
This is the list of methods
in the
Resource Processing Model.
Defaults to [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]
pub fn allowed_header<H>(self, header: H) -> Cors where
H: TryInto<HeaderName>,
<H as TryInto<HeaderName>>::Error: Into<HttpError>,
[src]
H: TryInto<HeaderName>,
<H as TryInto<HeaderName>>::Error: Into<HttpError>,
Set an allowed header.
pub fn allowed_headers<U, H>(self, headers: U) -> Cors where
U: IntoIterator<Item = H>,
H: TryInto<HeaderName>,
<H as TryInto<HeaderName>>::Error: Into<HttpError>,
[src]
U: IntoIterator<Item = H>,
H: TryInto<HeaderName>,
<H as TryInto<HeaderName>>::Error: Into<HttpError>,
Set a list of header field names which can be used when this resource is accessed by allowed origins.
If All
is set, whatever is requested by the client in
Access-Control-Request-Headers
will be echoed back in the
Access-Control-Allow-Headers
header.
This is the list of headers
in the
Resource Processing Model.
Defaults to All
.
pub fn expose_headers<U, H>(self, headers: U) -> Cors where
U: IntoIterator<Item = H>,
H: TryInto<HeaderName>,
<H as TryInto<HeaderName>>::Error: Into<HttpError>,
[src]
U: IntoIterator<Item = H>,
H: TryInto<HeaderName>,
<H as TryInto<HeaderName>>::Error: Into<HttpError>,
Set a list of headers which are safe to expose to the API of a CORS API
specification. This corresponds to the
Access-Control-Expose-Headers
response header.
This is the list of exposed headers
in the
Resource Processing Model.
This defaults to an empty set.
pub fn max_age(self, max_age: usize) -> Cors
[src]
Set a maximum time for which this CORS request maybe cached.
This value is set as the Access-Control-Max-Age
header.
This defaults to None
(unset).
pub fn send_wildcard(self) -> Cors
[src]
Set a wildcard origins
If send wildcard is set and the allowed_origins
parameter is All
, a
wildcard Access-Control-Allow-Origin
response header is sent,
rather than the request’s Origin
header.
This is the supports credentials flag
in the
Resource Processing Model.
This CANNOT be used in conjunction with allowed_origins
set to
All
and allow_credentials
set to true
. Depending on the mode
of usage, this will either result in an Error:: CredentialsWithWildcardOrigin
error during actix launch or runtime.
Defaults to false
.
pub fn supports_credentials(self) -> Cors
[src]
Allows users to make authenticated requests
If true, injects the Access-Control-Allow-Credentials
header in
responses. This allows cookies and credentials to be submitted
across domains.
This option cannot be used in conjunction with an allowed_origin
set
to All
and send_wildcards
set to true
.
Defaults to false
.
Builder panics if credentials are allowed, but the Origin is set to "*". This is not allowed by W3C
pub fn disable_vary_header(self) -> Cors
[src]
Disable Vary
header support.
When enabled the header Vary: Origin
will be returned as per the W3
implementation guidelines.
Setting this header when the Access-Control-Allow-Origin
is
dynamically generated (e.g. when there is more than one allowed
origin, and an Origin than '*' is returned) informs CDNs and other
caches that the CORS headers are dynamic, and cannot be cached.
By default vary
header support is enabled.
pub fn disable_preflight(self) -> Cors
[src]
Disable support for preflight requests.
When enabled CORS middleware automatically handles OPTIONS
requests.
This is useful for application level middleware.
By default preflight support is enabled.
pub fn finish(self) -> CorsFactory
[src]
Construct CORS middleware.
Trait Implementations
Auto Trait Implementations
impl RefUnwindSafe for Cors
impl Send for Cors
impl Sync for Cors
impl Unpin for Cors
impl UnwindSafe for Cors
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> From<T> for T
[src]
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T> Same<T> for T
type Output = T
Should always be Self
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
The type returned in the event of a conversion error.
fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
[src]
impl<V, T> VZip<V> for T where
V: MultiLane<T>,
V: MultiLane<T>,