Expand description
Cross-Origin Resource Sharing (CORS).
Build a CorsLayer and hand it to crate::Server::with_cors. The
server then answers preflight (OPTIONS) requests itself and stamps the
Access-Control-* headers onto every cross-origin response — including
error responses, so the browser can read 4xx/5xx bodies.
ⓘ
use actus::prelude::*;
use std::time::Duration;
// Development: anything goes.
Server::new(router).with_cors(CorsLayer::permissive());
// Production: pin it down.
Server::new(router).with_cors(
CorsLayer::new()
.allow_origin("https://app.example.com")
.allow_methods([Verb::GET, Verb::POST, Verb::DELETE])
.allow_headers([http::header::CONTENT_TYPE, http::header::AUTHORIZATION])
.allow_credentials(true)
.max_age(Duration::from_secs(3600)),
);Structs§
- Cors
Layer - A CORS policy. See the module docs.