Crate iron_cors[−][src]

A CORS middleware for Iron with preflight support.

See https://www.html5rocks.com/static/images/cors_server_flowchart.png for reference.

Usage

There are two modes available:

Mode 1: Whitelist

The user of the middleware must specify a list of allowed hosts (port or protocol aren't being checked by the middleware). If the Origin header is set on a request and if the value matches one of the allowed hosts, the Access-Control-Allow-Origin header for that host is added to the response.

Initialize the middleware with a HashSet of allowed host strings:

use std::collections::HashSet;
use iron_cors::CorsMiddleware;

let allowed_hosts = ["example.com"].iter()
                                   .map(ToString::to_string)
                                   .collect::<HashSet<_>>();
let middleware = CorsMiddleware::with_whitelist(allowed_hosts);

See examples/whitelist.rs for a full usage example.

Mode 2: Allow Any

Alternatively, the user of the middleware can choose to allow requests from any origin. In that case, the Access-Control-Allow-Origin header is added to any request with an Origin header.

use iron_cors::CorsMiddleware;

let middleware = CorsMiddleware::with_allow_any();

See examples/allow_any.rs for a full usage example.

Structs

CorsMiddleware

The struct that holds the CORS configuration.