Struct rocket_cors::CorsOptions
source ·
[−]pub struct CorsOptions {
pub allowed_origins: AllowedOrigins,
pub allowed_methods: AllowedMethods,
pub allowed_headers: AllowedHeaders,
pub allow_credentials: bool,
pub expose_headers: HashSet<String>,
pub max_age: Option<usize>,
pub send_wildcard: bool,
pub fairing_route_base: String,
pub fairing_route_rank: isize,
}
Expand description
Configuration options for CORS request handling.
You create a new copy of this struct by defining the configurations in the fields below.
This struct can also be deserialized by serde with the serialization
feature which is
enabled by default.
Default
is implemented for this
struct. The default for each field is described in the documentation for the field.
Before you can use this with Rocket, you will need to call the CorsOptions::to_cors
method.
Examples
You can run an example from the repository to demonstrate the JSON serialization with
cargo run --example json
.
Pure default
let default = rocket_cors::CorsOptions::default();
JSON Examples
Default
{
"allowed_origins": "All",
"allowed_methods": [
"POST",
"PATCH",
"PUT",
"DELETE",
"HEAD",
"OPTIONS",
"GET"
],
"allowed_headers": "All",
"allow_credentials": false,
"expose_headers": [],
"max_age": null,
"send_wildcard": false,
"fairing_route_base": "/cors",
"fairing_route_rank": 0
}
Defined
{
"allowed_origins": {
"Some": {
"exact": ["https://www.acme.com"],
"regex": ["^https://www.example-[A-z0-9]*.com$"]
}
},
"allowed_methods": [
"POST",
"DELETE",
"GET"
],
"allowed_headers": {
"Some": [
"Accept",
"Authorization"
]
},
"allow_credentials": true,
"expose_headers": [
"Content-Type",
"X-Custom"
],
"max_age": 42,
"send_wildcard": false,
"fairing_route_base": "/mycors"
}
Fields
allowed_origins: AllowedOrigins
Origins that are allowed to make requests.
Will be verified against the Origin
request header.
When All
is set, and send_wildcard
is set, “*” will be sent in
the Access-Control-Allow-Origin
response header. Otherwise, the client’s Origin
request
header will be echoed back in the Access-Control-Allow-Origin
response header.
When Some
is set, the client’s Origin
request header will be checked in a
case-sensitive manner.
This is the list of origins
in the
Resource Processing Model.
Defaults to All
.
allowed_methods: AllowedMethods
The list of methods which the allowed origins are allowed to access for non-simple requests.
This is the list of methods
in the
Resource Processing Model.
Defaults to [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]
allowed_headers: AllowedHeaders
The list of header field names which can be used when this resource is accessed by allowed origins.
If All
is set, whatever is requested by the client in Access-Control-Request-Headers
will be echoed back in the Access-Control-Allow-Headers
header.
This is the list of headers
in the
Resource Processing Model.
Defaults to All
.
allow_credentials: bool
Allows users to make authenticated requests.
If true, injects the Access-Control-Allow-Credentials
header in responses.
This allows cookies and credentials to be submitted across domains.
This CANNOT be used in conjunction with allowed_origins
set to All
and
send_wildcard
set to true
. Depending on the mode of usage, this will either result
in an Error::CredentialsWithWildcardOrigin
error during Rocket launch or runtime.
Defaults to false
.
expose_headers: HashSet<String>
The list of headers which are safe to expose to the API of a CORS API specification.
This corresponds to the Access-Control-Expose-Headers
responde header.
This is the list of exposed headers
in the
Resource Processing Model.
This defaults to an empty set.
max_age: Option<usize>
The maximum time for which this CORS request maybe cached. This value is set as the
Access-Control-Max-Age
header.
This defaults to None
(unset).
send_wildcard: bool
If true, and the allowed_origins
parameter is All
, a wildcard
Access-Control-Allow-Origin
response header is sent, rather than the request’s
Origin
header.
This is the supports credentials flag
in the
Resource Processing Model.
This CANNOT be used in conjunction with allowed_origins
set to All
and
allow_credentials
set to true
. Depending on the mode of usage, this will either result
in an Error::CredentialsWithWildcardOrigin
error during Rocket launch or runtime.
Defaults to false
.
fairing_route_base: String
When used as Fairing, Cors will need to redirect failed CORS checks to a custom route mounted by the fairing. Specify the base of the route so that it doesn’t clash with any of your existing routes.
Defaults to “/cors”
fairing_route_rank: isize
When used as Fairing, Cors will need to redirect failed CORS checks to a custom route mounted by the fairing. Specify the rank of the route so that it doesn’t clash with any of your existing routes. Remember that a higher ranked route has lower priority.
Defaults to 0
Implementations
Validates if any of the settings are disallowed, incorrect, or illegal
Creates a Cors
struct that can be used to respond to requests or as a Rocket Fairing
Sets the allowed origins
Sets the allowed methodes
Sets the allowed headers
Marks if credentials are allowed
Sets the expose headers
Marks if wildcards are send
Sets the base of the fairing route
Sets the rank of the fairing route
Trait Implementations
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
__D: Deserializer<'de>,
Deserialize this value from the given Serde deserializer. Read more
This method tests for self
and other
values to be equal, and is used
by ==
. Read more
This method tests for !=
.
Auto Trait Implementations
impl RefUnwindSafe for CorsOptions
impl Send for CorsOptions
impl Sync for CorsOptions
impl Unpin for CorsOptions
impl UnwindSafe for CorsOptions
Blanket Implementations
Mutably borrows from an owned value. Read more
Compare self to key
and return true
if they are equal.
pub fn into_collection<A>(self) -> SmallVec<A> where
A: Array<Item = T>,
pub fn into_collection<A>(self) -> SmallVec<A> where
A: Array<Item = T>,
Converts self
into a collection.
Attaches the provided Subscriber
to this type, returning a
WithDispatch
wrapper. Read more
Attaches the current default Subscriber
to this type, returning a
WithDispatch
wrapper. Read more