Crate iron_cors [−] [src]

A CORS middleware for Iron.

See https://www.html5rocks.com/static/images/cors_server_flowchart.png for reference.

The middleware will return HTTP 400 Bad Request if the Origin host is missing or not allowed.

Preflight requests are not yet supported.

Usage

There are two modes available:

Mode 1: Whitelist

The user of the middleware must specify a list of allowed hosts (port or protocol aren't being checked by the middleware). The wrapped handler will only be executed if the hostname in the Origin header matches one of the allowed hosts. Requests without an Origin header will be rejected.

Initialize the middleware with a vector of allowed host strings:

use iron_cors::CorsMiddleware;

let allowed_hosts = vec!["example.com".to_string()];
let middleware = CorsMiddleware::with_whitelist(allowed_hosts);

See examples/whitelist.rs for a full usage example.

Mode 2: Allow Any

The user of the middleware can allow any origin header. The wrapped handler will only be executed if the Origin header is set. The value doesn't matter.

use iron_cors::CorsMiddleware;

let middleware = CorsMiddleware::with_allow_any(true);

The boolean flag specifies whether requests without an Origin header should be rejected or not.

See examples/allow_any.rs for a full usage example.

Structs

CorsMiddleware

The struct that holds the CORS configuration.