pub struct CorsPlugin {
pub allowed_origins: Vec<String>,
pub allow_credentials: bool,
}Expand description
CORS plugin. Validates request origins against an allowlist.
Fields§
§allowed_origins: Vec<String>Allowed origins. Empty = allow all (“*”).
allow_credentials: boolWhether to allow credentials.
Implementations§
Source§impl CorsPlugin
impl CorsPlugin
Sourcepub fn is_allowed(&self, origin: &str) -> bool
pub fn is_allowed(&self, origin: &str) -> bool
Check if an origin is allowed.
Sourcepub fn allow_origin_header(&self, request_origin: Option<&str>) -> String
pub fn allow_origin_header(&self, request_origin: Option<&str>) -> String
Get the Access-Control-Allow-Origin header value.
Trait Implementations§
Source§impl Plugin for CorsPlugin
impl Plugin for CorsPlugin
Source§fn on_request(
&self,
_method: &str,
_path: &str,
_auth: &AuthContext,
) -> Result<(), PluginError>
fn on_request( &self, _method: &str, _path: &str, _auth: &AuthContext, ) -> Result<(), PluginError>
Called on every incoming request (middleware).
Source§fn on_init(&self, _ctx: &PluginContext)
fn on_init(&self, _ctx: &PluginContext)
Called once when the plugin is registered.
Source§fn routes(&self) -> Vec<PluginRoute>
fn routes(&self) -> Vec<PluginRoute>
Custom API routes this plugin handles.
Source§fn before_insert(
&self,
_entity: &str,
_data: &mut Value,
_auth: &AuthContext,
) -> Result<(), PluginError>
fn before_insert( &self, _entity: &str, _data: &mut Value, _auth: &AuthContext, ) -> Result<(), PluginError>
Called before an entity insert. Return Err to reject.
Source§fn after_insert(
&self,
_entity: &str,
_id: &str,
_data: &Value,
_auth: &AuthContext,
)
fn after_insert( &self, _entity: &str, _id: &str, _data: &Value, _auth: &AuthContext, )
Called after a successful insert.
Source§fn before_update(
&self,
_entity: &str,
_id: &str,
_data: &mut Value,
_auth: &AuthContext,
) -> Result<(), PluginError>
fn before_update( &self, _entity: &str, _id: &str, _data: &mut Value, _auth: &AuthContext, ) -> Result<(), PluginError>
Called before an entity update. Return Err to reject.
Source§fn after_update(
&self,
_entity: &str,
_id: &str,
_data: &Value,
_auth: &AuthContext,
)
fn after_update( &self, _entity: &str, _id: &str, _data: &Value, _auth: &AuthContext, )
Called after a successful update.
Source§fn before_delete(
&self,
_entity: &str,
_id: &str,
_auth: &AuthContext,
) -> Result<(), PluginError>
fn before_delete( &self, _entity: &str, _id: &str, _auth: &AuthContext, ) -> Result<(), PluginError>
Called before an entity delete. Return Err to reject.
Source§fn after_delete(&self, _entity: &str, _id: &str, _auth: &AuthContext)
fn after_delete(&self, _entity: &str, _id: &str, _auth: &AuthContext)
Called after a successful delete.
Source§fn on_request_with_meta(
&self,
method: &str,
path: &str,
auth: &AuthContext,
_meta: &RequestMeta<'_>,
) -> Result<(), PluginError>
fn on_request_with_meta( &self, method: &str, path: &str, auth: &AuthContext, _meta: &RequestMeta<'_>, ) -> Result<(), PluginError>
Richer variant of [
on_request] that also receives per-request
metadata (peer IP today; more fields may be added later). The
default implementation delegates to on_request so existing
plugins keep working without changes. Plugins that care about
IP — notably rate limiting — override this hook.Source§fn on_session_create(&self, _user_id: &str, _token: &str)
fn on_session_create(&self, _user_id: &str, _token: &str)
Called when a new session is created.
Source§fn entities(&self) -> Vec<ManifestEntity>
fn entities(&self) -> Vec<ManifestEntity>
Additional manifest entities this plugin contributes.
Auto Trait Implementations§
impl Freeze for CorsPlugin
impl RefUnwindSafe for CorsPlugin
impl Send for CorsPlugin
impl Sync for CorsPlugin
impl Unpin for CorsPlugin
impl UnsafeUnpin for CorsPlugin
impl UnwindSafe for CorsPlugin
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more