Struct clia_ntex_cors::Cors
source · pub struct Cors { /* private fields */ }Expand description
Structure that follows the builder pattern for building Cors middleware
structs.
To construct a cors:
- Call
Cors::buildto start building. - Use any of the builder methods to set fields in the backend.
- Call finish to retrieve the constructed backend.
Example
use ntex_cors::Cors;
use ntex::http::header;
let cors = Cors::new()
.allowed_origin("https://www.rust-lang.org/")
.allowed_methods(vec!["GET", "POST"])
.allowed_headers(vec![header::AUTHORIZATION, header::ACCEPT])
.allowed_header(header::CONTENT_TYPE)
.max_age(3600);Implementations§
source§impl Cors
impl Cors
sourcepub fn default<Err>() -> CorsFactory<Err>
pub fn default<Err>() -> CorsFactory<Err>
Build a new CORS default middleware
sourcepub fn allowed_origin(self, origin: &str) -> Self
pub fn allowed_origin(self, origin: &str) -> Self
Add an origin that are allowed to make requests.
Will be verified against the Origin request header.
When All is set, and send_wildcard is set, “*” will be sent in
the Access-Control-Allow-Origin response header. Otherwise, the
client’s Origin request header will be echoed back in the
Access-Control-Allow-Origin response header.
When Some is set, the client’s Origin request header will be
checked in a case-sensitive manner.
This is the list of origins in the
Resource Processing Model.
Defaults to All.
Builder panics if supplied origin is not valid uri.
sourcepub fn allowed_methods<U, M>(self, methods: U) -> Selfwhere
U: IntoIterator<Item = M>,
Method: TryFrom<M>,
<Method as TryFrom<M>>::Error: Into<HttpError>,
pub fn allowed_methods<U, M>(self, methods: U) -> Selfwhere U: IntoIterator<Item = M>, Method: TryFrom<M>, <Method as TryFrom<M>>::Error: Into<HttpError>,
Set a list of methods which the allowed origins are allowed to access for requests.
This is the list of methods in the
Resource Processing Model.
Defaults to [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]
sourcepub fn allowed_header<H>(self, header: H) -> Selfwhere
HeaderName: TryFrom<H>,
<HeaderName as TryFrom<H>>::Error: Into<HttpError>,
pub fn allowed_header<H>(self, header: H) -> Selfwhere HeaderName: TryFrom<H>, <HeaderName as TryFrom<H>>::Error: Into<HttpError>,
Set an allowed header
sourcepub fn allowed_headers<U, H>(self, headers: U) -> Selfwhere
U: IntoIterator<Item = H>,
HeaderName: TryFrom<H>,
<HeaderName as TryFrom<H>>::Error: Into<HttpError>,
pub fn allowed_headers<U, H>(self, headers: U) -> Selfwhere U: IntoIterator<Item = H>, HeaderName: TryFrom<H>, <HeaderName as TryFrom<H>>::Error: Into<HttpError>,
Set a list of header field names which can be used when this resource is accessed by allowed origins.
If All is set, whatever is requested by the client in
Access-Control-Request-Headers will be echoed back in the
Access-Control-Allow-Headers header.
This is the list of headers in the
Resource Processing Model.
Defaults to All.
sourcepub fn expose_headers<U, H>(self, headers: U) -> Selfwhere
U: IntoIterator<Item = H>,
HeaderName: TryFrom<H>,
<HeaderName as TryFrom<H>>::Error: Into<HttpError>,
pub fn expose_headers<U, H>(self, headers: U) -> Selfwhere U: IntoIterator<Item = H>, HeaderName: TryFrom<H>, <HeaderName as TryFrom<H>>::Error: Into<HttpError>,
Set a list of headers which are safe to expose to the API of a CORS API
specification. This corresponds to the
Access-Control-Expose-Headers response header.
This is the list of exposed headers in the
Resource Processing Model.
This defaults to an empty set.
sourcepub fn max_age(self, max_age: usize) -> Self
pub fn max_age(self, max_age: usize) -> Self
Set a maximum time for which this CORS request maybe cached.
This value is set as the Access-Control-Max-Age header.
This defaults to None (unset).
sourcepub fn send_wildcard(self) -> Self
pub fn send_wildcard(self) -> Self
Set a wildcard origins
If send wildcard is set and the allowed_origins parameter is All, a
wildcard Access-Control-Allow-Origin response header is sent,
rather than the request’s Origin header.
This is the supports credentials flag in the
Resource Processing Model.
This CANNOT be used in conjunction with allowed_origins set to
All and allow_credentials set to true. Depending on the mode
of usage, this will either result in an Error:: CredentialsWithWildcardOrigin error during ntex launch or runtime.
Defaults to false.
sourcepub fn supports_credentials(self) -> Self
pub fn supports_credentials(self) -> Self
Allows users to make authenticated requests
If true, injects the Access-Control-Allow-Credentials header in
responses. This allows cookies and credentials to be submitted
across domains.
This option cannot be used in conjunction with an allowed_origin set
to All and send_wildcards set to true.
Defaults to false.
Builder panics if credentials are allowed, but the Origin is set to “*”. This is not allowed by W3C
sourcepub fn disable_vary_header(self) -> Self
pub fn disable_vary_header(self) -> Self
Disable Vary header support.
When enabled the header Vary: Origin will be returned as per the W3
implementation guidelines.
Setting this header when the Access-Control-Allow-Origin is
dynamically generated (e.g. when there is more than one allowed
origin, and an Origin than ‘*’ is returned) informs CDNs and other
caches that the CORS headers are dynamic, and cannot be cached.
By default vary header support is enabled.
sourcepub fn disable_preflight(self) -> Self
pub fn disable_preflight(self) -> Self
Disable preflight request support.
When enabled cors middleware automatically handles OPTIONS request. This is useful application level middleware.
By default preflight support is enabled.
sourcepub fn finish<Err>(self) -> CorsFactory<Err>
pub fn finish<Err>(self) -> CorsFactory<Err>
Construct cors middleware