Expand description
CORS (Cross-Origin Resource Sharing) protection for Salvo web framework.
§Important
The CORS handler must be added to Service via .hoop(),
not to Router. This is because browsers send
OPTIONS preflight requests that don’t match any route, and only
Service-level middleware can intercept them.
use salvo_core::http::Method;
use salvo_core::prelude::*;
use salvo_cors::Cors;
#[handler]
async fn hello() -> &'static str {
"Hello World"
}
fn main() {
let cors = Cors::new()
.allow_origin("http://localhost:3000")
.allow_methods([Method::GET, Method::POST, Method::DELETE])
.allow_headers("authorization")
.into_handler();
let router = Router::new().get(hello);
// CORS must be on Service, NOT on Router
let _service = Service::new(router).hoop(cors);
}Structs§
- Allow
Credentials - Holds configuration for how to set the
Access-Control-Allow-Credentialsheader. - Allow
Headers - Holds configuration for how to set the
Access-Control-Allow-Headersheader. - Allow
Methods - Holds configuration for how to set the
Access-Control-Allow-Methodsheader. - Allow
Origin - Holds configuration for how to set the
Access-Control-Allow-Originheader. - Allow
Private Network - Holds configuration for how to set the
Access-Control-Allow-Private-Networkheader. - Any
- Represents a wildcard value (
*) used with some CORS headers such asCors::allow_methods. - Cors
Corsmiddleware which adds headers for CORS.- Cors
Handler - CorsHandler
- Expose
Headers - Holds configuration for how to set the
Access-Control-Expose-Headersheader. - MaxAge
- Holds configuration for how to set the
Access-Control-Max-Ageheader. - Vary
- Holds configuration for how to set the
Varyheader.
Enums§
- Call
Next - Enum to control when to call next handler.
Functions§
- preflight_
request_ headers - Iterator over the three request headers that may be involved in a CORS preflight request.