Module cors

Expand description

CORS (Cross-Origin Resource Sharing) Configuration for ReasonKit Web

This module provides a strict CORS policy for the HTTP server, allowing only localhost origins for security. This is essential for MCP HTTP transport and browser-based integrations.

§Security Policy

Allowed Origins: Only localhost and 127.0.0.1 on any port
Allowed Methods: GET, POST, OPTIONS (preflight)
Allowed Headers: Content-Type, Authorization
Max Age: 3600 seconds (1 hour) for preflight caching

§Example

use reasonkit_web::cors::cors_layer;
use axum::Router;

let app = Router::new()
    .route("/api/mcp", post(mcp_handler))
    .layer(cors_layer());

Structs§

CorsConfig: CORS configuration options.
CorsValidationResult: Result of CORS validation containing diagnostic information.

Constants§

ALLOWED_HEADERS: Standard allowed headers for MCP HTTP transport
ALLOWED_METHODS: Standard allowed methods for MCP HTTP transport
DEFAULT_MAX_AGE_SECS: Default max age for preflight cache (1 hour)

Functions§

cors_layer: Creates a strict CORS layer that only allows localhost origins.
cors_layer_permissive: Creates a permissive CORS layer for development/testing.
cors_layer_with_config: Creates a CORS layer with custom configuration.
is_localhost_origin: Checks if the given origin is a localhost origin.
validate_origin: Validates an origin and returns detailed information.

Module cors

Module cors Copy item path

§Security Policy

§Example

Structs§

Constants§

Functions§

Module cors