CORS Middleware for Iron
A CORS Middleware for Iron.
See https://www.html5rocks.com/static/images/cors_server_flowchart.png for reference.
The middleware will return HTTP 400 Bad Request
if the origin host is missing
or not allowed.
Preflight requests are not yet supported.
Usage
There are two modes available:
Whitelist
The user of the middleware must specify a list of allowed hosts (port or
protocol aren't being checked by the middleware). The wrapped handler will only
be executed if the hostname in the Origin
header matches one of the allowed
hosts.
Initialize the middleware with a vector of allowed host strings:
extern crate iron_cors;
use CorsMiddleware;
let allowed_hosts = vec!;
let middleware = with_whitelist;
See examples/whitelist.rs
for a full usage example.
Allow Any
The user of the middleware can allow any origin header. The wrapped handler
will only be executed if the Origin
header is set. The value doesn't matter.
extern crate iron_cors;
use CorsMiddleware;
let middleware = with_allow_any;
See examples/allow_any.rs
for a full usage example.
License
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT) at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.