1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
extern crate iron;
#[macro_use] extern crate log;
use iron::{Request, Response, IronResult, AroundMiddleware, Handler};
use iron::{headers, status};
pub struct CorsMiddleware {
allowed_hosts: Option<Vec<String>>,
}
impl CorsMiddleware {
pub fn with_whitelist(allowed_hosts: Vec<String>) -> Self {
CorsMiddleware { allowed_hosts: Some(allowed_hosts) }
}
pub fn with_allow_any() -> Self {
CorsMiddleware { allowed_hosts: None }
}
}
impl AroundMiddleware for CorsMiddleware {
fn around(self, handler: Box<Handler>) -> Box<Handler> {
Box::new(CorsHandler { handler: handler, allowed_hosts: self.allowed_hosts.clone() })
}
}
struct CorsHandler {
handler: Box<Handler>,
allowed_hosts: Option<Vec<String>>,
}
impl Handler for CorsHandler {
fn handle(&self, req: &mut Request) -> IronResult<Response> {
let origin = match req.headers.get::<headers::Origin>() {
Some(origin) => origin.clone(),
None => {
warn!("Not a valid CORS request: Missing Origin header");
return Ok(Response::with((status::BadRequest, "Invalid CORS request: Origin header missing")));
}
};
let may_process = match self.allowed_hosts {
Some(ref allowed_hosts) => allowed_hosts.contains(&origin.host.hostname),
None => true,
};
if may_process {
let mut res = try!(self.handler.handle(req));
let header = match origin.host.port {
Some(port) => format!("{}://{}:{}", &origin.scheme, &origin.host.hostname, &port),
None => format!("{}://{}", &origin.scheme, &origin.host.hostname),
};
res.headers.set(headers::AccessControlAllowOrigin::Value(header));
Ok(res)
} else {
warn!("Got disallowed CORS request from {}", &origin.host.hostname);
Ok(Response::with((status::BadRequest, "Invalid CORS request: Origin not allowed")))
}
}
}