Crate iron_cors [−] [src]

A CORS middleware for Iron.

See https://www.html5rocks.com/static/images/cors_server_flowchart.png for reference.

The middleware will return HTTP 400 Bad Request if the Origin host is missing or not allowed.

Preflight requests are not yet supported.

Usage

There are two modes available:

Mode 1: Whitelist

The user of the middleware must specify a list of allowed hosts (port or protocol aren't being checked by the middleware). The wrapped handler will only be executed if the hostname in the Origin header matches one of the allowed hosts. Requests without an Origin header will be rejected.

Initialize the middleware with a HashSet of allowed host strings:

use std::collections::HashSet;
use iron_cors::CorsMiddleware;

let allowed_hosts = ["example.com"].iter()
                                   .map(ToString::to_string)
                                   .collect::<HashSet<_>>();
let middleware = CorsMiddleware::with_whitelist(allowed_hosts);

See examples/whitelist.rs for a full usage example.

Mode 2: Allow Any

Alternatively, the user of the middleware can choose to allow requests from any origin.

use iron_cors::CorsMiddleware;

let middleware = CorsMiddleware::with_allow_any(true);

The boolean flag specifies whether requests without an Origin header are acceptable. When set to false, requests without that header will be answered with a HTTP 400 response.

See examples/allow_any.rs for a full usage example.

Structs

CorsMiddleware

The struct that holds the CORS configuration.