Function cors_layer 

pub fn cors_layer() -> CorsLayer

Creates a strict CORS layer that only allows localhost origins.

This is the recommended configuration for development and local MCP servers. For production deployments with specific domain requirements, use cors_layer_with_origins instead.

Security Properties

• Only allows requests from http://localhost:* and http://127.0.0.1:*
• Blocks all external origins including other private IP ranges
• Properly handles preflight OPTIONS requests
• Does not expose credentials by default

Example

use reasonkit_web::cors::cors_layer;
use axum::Router;

let app = Router::new()
    .layer(cors_layer());