Struct rocket_cors::Cors

source · 
pub struct Cors {
    pub allowed_origins: AllowedOrigins,
    pub allowed_methods: AllowedMethods,
    pub allowed_headers: AllOrSome<HashSet<HeaderFieldName>>,
    pub allow_credentials: bool,
    pub expose_headers: HashSet<String>,
    pub max_age: Option<usize>,
    pub send_wildcard: bool,
    pub fairing_route_base: String,
    pub fairing_route_rank: isize,
}
Expand description

Response generator and Fairing for CORS

This struct can be as Fairing or in an ad-hoc manner to generate CORS response. See the documentation at the crate root for usage information.

You create a new copy of this struct by defining the configurations in the fields below. This struct can also be deserialized by serde with the serialization feature which is enabled by default.

Default is implemented for this struct. The default for each field is described in the docuementation for the field.

Examples

You can run an example from the repository to demonstrate the JSON serialization with cargo run --example json.

Pure default

let default = rocket_cors::Cors::default();

JSON Examples

Default

{
  "allowed_origins": "All",
  "allowed_methods": [
    "POST",
    "PATCH",
    "PUT",
    "DELETE",
    "HEAD",
    "OPTIONS",
    "GET"
  ],
  "allowed_headers": "All",
  "allow_credentials": false,
  "expose_headers": [],
  "max_age": null,
  "send_wildcard": false,
  "fairing_route_base": "/cors",
  "fairing_route_rank": 0
}

Defined

{
  "allowed_origins": {
    "Some": [
      "https://www.acme.com/"
    ]
  },
  "allowed_methods": [
    "POST",
    "DELETE",
    "GET"
  ],
  "allowed_headers": {
    "Some": [
      "Accept",
      "Authorization"
    ]
  },
  "allow_credentials": true,
  "expose_headers": [
    "Content-Type",
    "X-Custom"
  ],
  "max_age": 42,
  "send_wildcard": false,
  "fairing_route_base": "/mycors"
}

Fields

allowed_origins: AllowedOrigins

Origins that are allowed to make requests. Will be verified against the Origin request header.

When All is set, and send_wildcard is set, “*” will be sent in the Access-Control-Allow-Origin response header. Otherwise, the client’s Origin request header will be echoed back in the Access-Control-Allow-Origin response header.

When Some is set, the client’s Origin request header will be checked in a case-sensitive manner.

This is the list of origins in the Resource Processing Model.

Defaults to All.

allowed_methods: AllowedMethods

The list of methods which the allowed origins are allowed to access for non-simple requests.

This is the list of methods in the Resource Processing Model.

Defaults to [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]

allowed_headers: AllOrSome<HashSet<HeaderFieldName>>

The list of header field names which can be used when this resource is accessed by allowed origins.

If All is set, whatever is requested by the client in Access-Control-Request-Headers will be echoed back in the Access-Control-Allow-Headers header.

This is the list of headers in the Resource Processing Model.

Defaults to All.

allow_credentials: bool

Allows users to make authenticated requests. If true, injects the Access-Control-Allow-Credentials header in responses. This allows cookies and credentials to be submitted across domains.

This CANNOT be used in conjunction with allowed_origins set to All and send_wildcard set to true. Depending on the mode of usage, this will either result in an Error::CredentialsWithWildcardOrigin error during Rocket launch or runtime.

Defaults to false.

expose_headers: HashSet<String>

The list of headers which are safe to expose to the API of a CORS API specification. This corresponds to the Access-Control-Expose-Headers responde header.

This is the list of exposed headers in the Resource Processing Model.

This defaults to an empty set.

max_age: Option<usize>

The maximum time for which this CORS request maybe cached. This value is set as the Access-Control-Max-Age header.

This defaults to None (unset).

send_wildcard: bool

If true, and the allowed_origins parameter is All, a wildcard Access-Control-Allow-Origin response header is sent, rather than the request’s Origin header.

This is the supports credentials flag in the Resource Processing Model.

This CANNOT be used in conjunction with allowed_origins set to All and allow_credentials set to true. Depending on the mode of usage, this will either result in an Error::CredentialsWithWildcardOrigin error during Rocket launch or runtime.

Defaults to false.

fairing_route_base: String

When used as Fairing, Cors will need to redirect failed CORS checks to a custom route mounted by the fairing. Specify the base of the route so that it doesn’t clash with any of your existing routes.

Defaults to “/cors”

fairing_route_rank: isize

When used as Fairing, Cors will need to redirect failed CORS checks to a custom route mounted by the fairing. Specify the rank of the route so that it doesn’t clash with any of your existing routes. Remember that a higher ranked route has lower priority.

Defaults to 0

Implementations

Validates if any of the settings are disallowed or incorrect

This is run during initial Fairing attachment

Manually respond to a request with CORS checks and headers using an Owned Cors.

Use this variant when your Cors struct will not live at least as long as the whole 'r lifetime of the request.

After the CORS checks are done, the passed in handler closure will be run to generate a final response. You will have to merge your response with the Guard that you have been passed in to include the CORS headers.

See the documentation at the crate root for usage information.

Manually respond to a request with CORS checks and headers using a borrowed Cors.

Use this variant when your Cors struct will live at least as long as the whole 'r lifetime of the request. If you are getting your Cors from Rocket’s state, you will have to use the inner function to get a longer borrowed lifetime.

After the CORS checks are done, the passed in handler closure will be run to generate a final response. You will have to merge your response with the Guard that you have been passed in to include the CORS headers.

See the documentation at the crate root for usage information.

Trait Implementations

Returns a copy of the value. Read more
Performs copy-assignment from source. Read more
Formats the value using the given formatter. Read more
Returns the “default value” for a type. Read more
Deserialize this value from the given Serde deserializer. Read more
Returns an Info structure containing the name and Kind of this fairing. The name can be any arbitrary string. Kind must be an ord set of Kind variants. Read more
The attach callback. Returns Ok if launch should proceed and Err if launch should be aborted. Read more
The request callback. Read more
The response callback. Read more
The launch callback. Read more
This method tests for self and other values to be equal, and is used by ==. Read more
This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason. Read more
Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more
Compare self to key and return true if they are equal.

Returns the argument unchanged.

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Converts self into a collection.
Should always be Self
The resulting type after obtaining ownership.
Creates owned data from borrowed data, usually by cloning. Read more
Uses borrowed data to replace owned data, usually by cloning. Read more
The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.
Get the TypeId of this object.