pub struct CorsOptions {
    pub allowed_origins: AllowedOrigins,
    pub allowed_methods: AllowedMethods,
    pub allowed_headers: AllowedHeaders,
    pub allow_credentials: bool,
    pub expose_headers: HashSet<String>,
    pub max_age: Option<usize>,
    pub send_wildcard: bool,
    pub fairing_route_base: String,
    pub fairing_route_rank: isize,
}

Configuration options for CORS request handling.

You create a new copy of this struct by defining the configurations in the fields below. This struct can also be deserialized by serde with the serialization feature which is enabled by default.

Default is implemented for this struct. The default for each field is described in the documentation for the field.

Before you can use this with Rocket, you will need to call the CorsOptions::to_cors method.

Examples

You can run an example from the repository to demonstrate the JSON serialization with cargo run --example json.

Pure default

let default = rocket_cors::CorsOptions::default();

JSON Examples

Default

{
  "allowed_origins": "All",
  "allowed_methods": [
    "POST",
    "PATCH",
    "PUT",
    "DELETE",
    "HEAD",
    "OPTIONS",
    "GET"
  ],
  "allowed_headers": "All",
  "allow_credentials": false,
  "expose_headers": [],
  "max_age": null,
  "send_wildcard": false,
  "fairing_route_base": "/cors",
  "fairing_route_rank": 0
}

Defined

{
  "allowed_origins": {
    "Some": {
        "exact": ["https://www.acme.com"],
        "regex": ["^https://www\\.example-[A-Za-z0-9]*\\.com$"]
    }
  },
  "allowed_methods": [
    "POST",
    "DELETE",
    "GET"
  ],
  "allowed_headers": {
    "Some": [
      "Accept",
      "Authorization"
    ]
  },
  "allow_credentials": true,
  "expose_headers": [
    "Content-Type",
    "X-Custom"
  ],
  "max_age": 42,
  "send_wildcard": false,
  "fairing_route_base": "/mycors"
}

Fields

allowed_origins: AllowedOrigins

Origins that are allowed to make requests. Will be verified against the Origin request header.

When All is set, and send_wildcard is set, “*” will be sent in the Access-Control-Allow-Origin response header. Otherwise, the client’s Origin request header will be echoed back in the Access-Control-Allow-Origin response header.

When Some is set, the client’s Origin request header will be checked in a case-sensitive manner.

This is the list of origins in the Resource Processing Model.

Defaults to All.

allowed_methods: AllowedMethods

The list of methods which the allowed origins are allowed to access for non-simple requests.

This is the list of methods in the Resource Processing Model.

Defaults to [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]

allowed_headers: AllowedHeaders

The list of header field names which can be used when this resource is accessed by allowed origins.

If All is set, whatever is requested by the client in Access-Control-Request-Headers will be echoed back in the Access-Control-Allow-Headers header.

This is the list of headers in the Resource Processing Model.

Defaults to All.

allow_credentials: bool

Allows users to make authenticated requests. If true, injects the Access-Control-Allow-Credentials header in responses. This allows cookies and credentials to be submitted across domains.

This CANNOT be used in conjunction with allowed_origins set to All and send_wildcard set to true. Depending on the mode of usage, this will either result in an Error::CredentialsWithWildcardOrigin error during Rocket launch or runtime.

Defaults to false.

expose_headers: HashSet<String>

The list of headers which are safe to expose to the API of a CORS API specification. This corresponds to the Access-Control-Expose-Headers response header.

This is the list of exposed headers in the Resource Processing Model.

This defaults to an empty set.

max_age: Option<usize>

The maximum time for which this CORS request may be cached. This value is set as the Access-Control-Max-Age header.

This defaults to None (unset).

send_wildcard: bool

If true, and the allowed_origins parameter is All, a wildcard Access-Control-Allow-Origin response header is sent, rather than the request’s Origin header.

This is the supports credentials flag in the Resource Processing Model.

This CANNOT be used in conjunction with allowed_origins set to All and allow_credentials set to true. Depending on the mode of usage, this will either result in an Error::CredentialsWithWildcardOrigin error during Rocket launch or runtime.

Defaults to false.
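
The interaction of allowed_origins, allow_credentials and send_wildcard described above, as an added std-only model (not rocket_cors code; Model, Origins and exact are hypothetical names, and regex origins are left out). It shows that only the wildcard combination is rejected, so All with allow_credentials true and send_wildcard false echoes any Origin alongside the credentials header.

```rust
use std::collections::HashSet;

// Hypothetical stand-ins for the crate's types; exact origins only, no regex.
#[derive(Debug, PartialEq)]
pub enum Origins { All, Exact(HashSet<String>) }

#[derive(Debug, PartialEq)]
pub enum Error { CredentialsWithWildcardOrigin, OriginNotAllowed }

pub struct Model { pub origins: Origins, pub allow_credentials: bool, pub send_wildcard: bool }

pub fn exact(list: &[&str]) -> Origins {
    Origins::Exact(list.iter().map(|s| s.to_string()).collect())
}

impl Model {
    /// Rejects the one combination the field docs say CANNOT be used.
    pub fn validate(&self) -> Result<(), Error> {
        if self.origins == Origins::All && self.send_wildcard && self.allow_credentials {
            return Err(Error::CredentialsWithWildcardOrigin);
        }
        Ok(())
    }

    /// Returns the Access-Control-Allow-Origin value and whether
    /// Access-Control-Allow-Credentials would be sent for this Origin.
    pub fn respond(&self, origin: &str) -> Result<(String, bool), Error> {
        self.validate()?;
        let acao = match &self.origins {
            Origins::All if self.send_wildcard => "*".to_string(),
            Origins::All => origin.to_string(), // Origin echoed back
            Origins::Exact(set) if set.contains(origin) => origin.to_string(), // case-sensitive
            Origins::Exact(_) => return Err(Error::OriginNotAllowed),
        };
        Ok((acao, self.allow_credentials))
    }
}

fn main() {
    // Constructed sample origin; not taken from the page.
    let origin = "https://other.example";
    let cases = vec![
        ("All, wildcard, credentials", Model { origins: Origins::All, allow_credentials: true, send_wildcard: true }),
        ("All, echo, credentials", Model { origins: Origins::All, allow_credentials: true, send_wildcard: false }),
        ("Exact list, credentials", Model { origins: exact(&["https://www.acme.com"]), allow_credentials: true, send_wildcard: false }),
    ];
    for (name, m) in cases.iter() {
        println!("{}: {:?}", name, m.respond(origin));
    }
}
```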

fairing_route_base: String

When used as Fairing, Cors will need to redirect failed CORS checks to a custom route mounted by the fairing. Specify the base of the route so that it doesn’t clash with any of your existing routes.

Defaults to “/cors”

fairing_route_rank: isize

When used as Fairing, Cors will need to redirect failed CORS checks to a custom route mounted by the fairing. Specify the rank of the route so that it doesn’t clash with any of your existing routes. Remember that a higher ranked route has lower priority.

Defaults to 0

Implementations

Validates if any of the settings are disallowed, incorrect, or illegal

Creates a Cors struct that can be used to respond to requests or as a Rocket Fairing

Sets the allowed origins

Sets the allowed methods

Sets the allowed headers

Marks if credentials are allowed

Sets the expose headers

Sets the max age

Marks if wildcards are sent

Sets the base of the fairing route

Sets the rank of the fairing route
