Struct actix_web::middleware::cors::CorsBuilder [] [src]

pub struct CorsBuilder { /* fields omitted */ }

Structure that follows the builder pattern for building Cors middleware structs.

To construct a cors:

  1. Call Cors::build to start building.
  2. Use any of the builder methods to set fields in the backend.
  3. Call finish to retrieve the constructed backend.

Example

use http::header;
use actix_web::middleware::cors;

let cors = cors::Cors::build()
    .allowed_origin("https://www.rust-lang.org/")
    .allowed_methods(vec!["GET", "POST"])
    .allowed_headers(vec![header::AUTHORIZATION, header::ACCEPT])
    .allowed_header(header::CONTENT_TYPE)
    .max_age(3600)
    .finish().unwrap();

Methods

impl CorsBuilder
[src]

[src]

Add an origin that are allowed to make requests. Will be verified against the Origin request header.

When All is set, and send_wildcard is set, "*" will be sent in the Access-Control-Allow-Origin response header. Otherwise, the client's Origin request header will be echoed back in the Access-Control-Allow-Origin response header.

When Some is set, the client's Origin request header will be checked in a case-sensitive manner.

This is the list of origins in the Resource Processing Model.

Defaults to All.

[src]

Set a list of methods which the allowed origins are allowed to access for requests.

This is the list of methods in the Resource Processing Model.

Defaults to [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]

[src]

Set an allowed header

[src]

Set a list of header field names which can be used when this resource is accessed by allowed origins.

If All is set, whatever is requested by the client in Access-Control-Request-Headers will be echoed back in the Access-Control-Allow-Headers header.

This is the list of headers in the Resource Processing Model.

Defaults to All.

[src]

Set a list of headers which are safe to expose to the API of a CORS API specification. This corresponds to the Access-Control-Expose-Headers response header.

This is the list of exposed headers in the Resource Processing Model.

This defaults to an empty set.

[src]

Set a maximum time for which this CORS request maybe cached. This value is set as the Access-Control-Max-Age header.

This defaults to None (unset).

[src]

Set a wildcard origins

If send wildcard is set and the allowed_origins parameter is All, a wildcard Access-Control-Allow-Origin response header is sent, rather than the request’s Origin header.

This is the supports credentials flag in the Resource Processing Model.

This CANNOT be used in conjunction with allowed_origins set to All and allow_credentials set to true. Depending on the mode of usage, this will either result in an Error::CredentialsWithWildcardOrigin error during actix launch or runtime.

Defaults to false.

[src]

Allows users to make authenticated requests

If true, injects the Access-Control-Allow-Credentials header in responses. This allows cookies and credentials to be submitted across domains.

This option cannot be used in conjunction with an allowed_origin set to All and send_wildcards set to true.

Defaults to false.

[src]

Disable Vary header support.

When enabled the header Vary: Origin will be returned as per the W3 implementation guidelines.

Setting this header when the Access-Control-Allow-Origin is dynamically generated (e.g. when there is more than one allowed origin, and an Origin than '*' is returned) informs CDNs and other caches that the CORS headers are dynamic, and cannot be cached.

By default vary header support is enabled.

[src]

Disable preflight request support.

When enabled cors middleware automatically handles OPTIONS request. This is useful application level middleware.

By default preflight support is enabled.

[src]

Finishes building and returns the built Cors instance.