Crate iron_cors [−] [src]
A CORS middleware for Iron.
See https://www.html5rocks.com/static/images/cors_server_flowchart.png for reference.
The middleware will return HTTP 400 Bad Request
if the Origin host is
missing or not allowed.
Preflight requests are not yet supported.
Usage
There are two modes available:
Mode 1: Whitelist
The user of the middleware must specify a list of allowed hosts (port or
protocol aren't being checked by the middleware). The wrapped handler will only
be executed if the hostname in the Origin
header matches one of the allowed
hosts. Requests without an Origin
header will be rejected.
Initialize the middleware with a HashSet
of allowed host strings:
use std::collections::HashSet; use iron_cors::CorsMiddleware; let allowed_hosts = ["example.com"].iter() .map(ToString::to_string) .collect::<HashSet<_>>(); let middleware = CorsMiddleware::with_whitelist(allowed_hosts);
See
examples/whitelist.rs
for a full usage example.
Mode 2: Allow Any
Alternatively, the user of the middleware can choose to allow requests from any origin.
use iron_cors::CorsMiddleware; let middleware = CorsMiddleware::with_allow_any(true);
The boolean flag specifies whether requests without an Origin
header are
acceptable. When set to false
, requests without that header will be
answered with a HTTP 400 response.
See
examples/allow_any.rs
for a full usage example.
Structs
CorsMiddleware |
The struct that holds the CORS configuration. |