ntex_cors

Struct Cors

Source 
pub struct Cors { /* private fields */ }
Expand description

Structure that follows the builder pattern for building Cors middleware structs.

To construct a cors:

  1. Call Cors::build to start building.
  2. Use any of the builder methods to set fields in the backend.
  3. Call finish to retrieve the constructed backend.

§Example

use ntex_cors::Cors;
use ntex::http::header;

let cors = Cors::new()
    .allowed_origin("https://www.rust-lang.org/")
    .allowed_methods(vec!["GET", "POST"])
    .allowed_headers(vec![header::AUTHORIZATION, header::ACCEPT])
    .allowed_header(header::CONTENT_TYPE)
    .max_age(3600);

Implementations§

Source§

impl Cors

Source

pub fn new() -> Self

Build a new CORS middleware instance

Source

pub fn default<Err>() -> CorsFactory<Err>

Build a new CORS default middleware

Source

pub fn allowed_origin(self, origin: &str) -> Self

Add an origin that are allowed to make requests. Will be verified against the Origin request header.

When All is set, and send_wildcard is set, “*” will be sent in the Access-Control-Allow-Origin response header. Otherwise, the client’s Origin request header will be echoed back in the Access-Control-Allow-Origin response header.

When Some is set, the client’s Origin request header will be checked in a case-sensitive manner.

This is the list of origins in the Resource Processing Model.

Defaults to All.

Builder panics if supplied origin is not valid uri.

Source

pub fn allowed_methods<U, M>(self, methods: U) -> Self
where U: IntoIterator<Item = M>, Method: TryFrom<M>, <Method as TryFrom<M>>::Error: Into<HttpError>,

Set a list of methods which the allowed origins are allowed to access for requests.

This is the list of methods in the Resource Processing Model.

Defaults to [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]

Source

pub fn allowed_header<H>(self, header: H) -> Self
where HeaderName: TryFrom<H>, <HeaderName as TryFrom<H>>::Error: Into<HttpError>,

Set an allowed header

Source

pub fn allowed_headers<U, H>(self, headers: U) -> Self
where U: IntoIterator<Item = H>, HeaderName: TryFrom<H>, <HeaderName as TryFrom<H>>::Error: Into<HttpError>,

Set a list of header field names which can be used when this resource is accessed by allowed origins.

If All is set, whatever is requested by the client in Access-Control-Request-Headers will be echoed back in the Access-Control-Allow-Headers header.

This is the list of headers in the Resource Processing Model.

Defaults to All.

Source

pub fn expose_headers<U, H>(self, headers: U) -> Self
where U: IntoIterator<Item = H>, HeaderName: TryFrom<H>, <HeaderName as TryFrom<H>>::Error: Into<HttpError>,

Set a list of headers which are safe to expose to the API of a CORS API specification. This corresponds to the Access-Control-Expose-Headers response header.

This is the list of exposed headers in the Resource Processing Model.

This defaults to an empty set.

Source

pub fn max_age(self, max_age: usize) -> Self

Set a maximum time for which this CORS request maybe cached. This value is set as the Access-Control-Max-Age header.

This defaults to None (unset).

Source

pub fn send_wildcard(self) -> Self

Set a wildcard origins

If send wildcard is set and the allowed_origins parameter is All, a wildcard Access-Control-Allow-Origin response header is sent, rather than the request’s Origin header.

This is the supports credentials flag in the Resource Processing Model.

This CANNOT be used in conjunction with allowed_origins set to All and allow_credentials set to true. Depending on the mode of usage, this will either result in an Error:: CredentialsWithWildcardOrigin error during ntex launch or runtime.

Defaults to false.

Source

pub fn supports_credentials(self) -> Self

Allows users to make authenticated requests

If true, injects the Access-Control-Allow-Credentials header in responses. This allows cookies and credentials to be submitted across domains.

This option cannot be used in conjunction with an allowed_origin set to All and send_wildcards set to true.

Defaults to false.

Builder panics if credentials are allowed, but the Origin is set to “*”. This is not allowed by W3C

Source

pub fn disable_vary_header(self) -> Self

Disable Vary header support.

When enabled the header Vary: Origin will be returned as per the W3 implementation guidelines.

Setting this header when the Access-Control-Allow-Origin is dynamically generated (e.g. when there is more than one allowed origin, and an Origin than ‘*’ is returned) informs CDNs and other caches that the CORS headers are dynamic, and cannot be cached.

By default vary header support is enabled.

Source

pub fn disable_preflight(self) -> Self

Disable preflight request support.

When enabled cors middleware automatically handles OPTIONS request. This is useful application level middleware.

By default preflight support is enabled.

Source

pub fn finish<Err>(self) -> CorsFactory<Err>

Construct cors middleware

Trait Implementations§

Source§

impl Default for Cors

Source§

fn default() -> Cors

Returns the “default value” for a type. Read more

Auto Trait Implementations§

§

impl Freeze for Cors

§

impl !RefUnwindSafe for Cors

§

impl Send for Cors

§

impl Sync for Cors

§

impl Unpin for Cors

§

impl !UnwindSafe for Cors

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more