Crate iron_cors [−] [src]
A CORS middleware for Iron.
See https://www.html5rocks.com/static/images/cors_server_flowchart.png for reference.
The middleware will return HTTP 400 Bad Request
if the Origin host is
missing or not allowed.
Preflight requests are not yet supported.
Usage
There are two modes available:
Mode 1: Whitelist
The user of the middleware must specify a list of allowed hosts (port or
protocol aren't being checked by the middleware). The wrapped handler will only
be executed if the hostname in the Origin
header matches one of the allowed
hosts. Requests without an Origin
header will be rejected.
Initialize the middleware with a vector of allowed host strings:
use iron_cors::CorsMiddleware; let allowed_hosts = vec!["example.com".to_string()]; let middleware = CorsMiddleware::with_whitelist(allowed_hosts);
See examples/whitelist.rs
for a full usage example.
Mode 2: Allow Any
The user of the middleware can allow any origin header. The wrapped handler
will only be executed if the Origin
header is set. The value doesn't matter.
use iron_cors::CorsMiddleware; let middleware = CorsMiddleware::with_allow_any(true);
The boolean flag specifies whether requests without an Origin
header should
be rejected or not.
See examples/allow_any.rs
for a full usage example.
Structs
CorsMiddleware |
The struct that holds the CORS configuration. |