[][src]Struct scrappy_cors::Cors

pub struct Cors { /* fields omitted */ }

Structure that follows the builder pattern for building Cors middleware structs.

To construct a cors:

  1. Call Cors::build to start building.
  2. Use any of the builder methods to set fields in the backend.
  3. Call finish to retrieve the constructed backend.

Example

use scrappy_cors::Cors;
use scrappy::http::header;

let cors = Cors::new()
    .allowed_origin("https://www.rust-lang.org/")
    .allowed_methods(vec!["GET", "POST"])
    .allowed_headers(vec![header::AUTHORIZATION, header::ACCEPT])
    .allowed_header(header::CONTENT_TYPE)
    .max_age(3600);

Methods

impl Cors[src]

pub fn new() -> Cors[src]

Build a new CORS middleware instance

pub fn default() -> CorsFactory[src]

Build a new CORS default middleware

pub fn allowed_origin(self, origin: &str) -> Cors[src]

Add an origin that are allowed to make requests. Will be verified against the Origin request header.

When All is set, and send_wildcard is set, "*" will be sent in the Access-Control-Allow-Origin response header. Otherwise, the client's Origin request header will be echoed back in the Access-Control-Allow-Origin response header.

When Some is set, the client's Origin request header will be checked in a case-sensitive manner.

This is the list of origins in the Resource Processing Model.

Defaults to All.

Builder panics if supplied origin is not valid uri.

pub fn allowed_methods<U, M>(self, methods: U) -> Cors where
    U: IntoIterator<Item = M>,
    Method: TryFrom<M>,
    <Method as TryFrom<M>>::Error: Into<HttpError>, [src]

Set a list of methods which the allowed origins are allowed to access for requests.

This is the list of methods in the Resource Processing Model.

Defaults to [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]

pub fn allowed_header<H>(self, header: H) -> Cors where
    HeaderName: TryFrom<H>,
    <HeaderName as TryFrom<H>>::Error: Into<HttpError>, [src]

Set an allowed header

pub fn allowed_headers<U, H>(self, headers: U) -> Cors where
    U: IntoIterator<Item = H>,
    HeaderName: TryFrom<H>,
    <HeaderName as TryFrom<H>>::Error: Into<HttpError>, [src]

Set a list of header field names which can be used when this resource is accessed by allowed origins.

If All is set, whatever is requested by the client in Access-Control-Request-Headers will be echoed back in the Access-Control-Allow-Headers header.

This is the list of headers in the Resource Processing Model.

Defaults to All.

pub fn expose_headers<U, H>(self, headers: U) -> Cors where
    U: IntoIterator<Item = H>,
    HeaderName: TryFrom<H>,
    <HeaderName as TryFrom<H>>::Error: Into<HttpError>, [src]

Set a list of headers which are safe to expose to the API of a CORS API specification. This corresponds to the Access-Control-Expose-Headers response header.

This is the list of exposed headers in the Resource Processing Model.

This defaults to an empty set.

pub fn max_age(self, max_age: usize) -> Cors[src]

Set a maximum time for which this CORS request maybe cached. This value is set as the Access-Control-Max-Age header.

This defaults to None (unset).

pub fn send_wildcard(self) -> Cors[src]

Set a wildcard origins

If send wildcard is set and the allowed_origins parameter is All, a wildcard Access-Control-Allow-Origin response header is sent, rather than the request’s Origin header.

This is the supports credentials flag in the Resource Processing Model.

This CANNOT be used in conjunction with allowed_origins set to All and allow_credentials set to true. Depending on the mode of usage, this will either result in an Error:: CredentialsWithWildcardOrigin error during scrappy launch or runtime.

Defaults to false.

pub fn supports_credentials(self) -> Cors[src]

Allows users to make authenticated requests

If true, injects the Access-Control-Allow-Credentials header in responses. This allows cookies and credentials to be submitted across domains.

This option cannot be used in conjunction with an allowed_origin set to All and send_wildcards set to true.

Defaults to false.

Builder panics if credentials are allowed, but the Origin is set to "*". This is not allowed by W3C

pub fn disable_vary_header(self) -> Cors[src]

Disable Vary header support.

When enabled the header Vary: Origin will be returned as per the W3 implementation guidelines.

Setting this header when the Access-Control-Allow-Origin is dynamically generated (e.g. when there is more than one allowed origin, and an Origin than '*' is returned) informs CDNs and other caches that the CORS headers are dynamic, and cannot be cached.

By default vary header support is enabled.

pub fn disable_preflight(self) -> Cors[src]

Disable preflight request support.

When enabled cors middleware automatically handles OPTIONS request. This is useful application level middleware.

By default preflight support is enabled.

pub fn finish(self) -> CorsFactory[src]

Construct cors middleware

Trait Implementations

impl Default for Cors[src]

Auto Trait Implementations

impl RefUnwindSafe for Cors

impl Send for Cors

impl Sync for Cors

impl Unpin for Cors

impl UnwindSafe for Cors

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized[src]

impl<T> Borrow<T> for T where
    T: ?Sized[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized[src]

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, [src]

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T where
    U: Into<T>, [src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, [src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<V, T> VZip<V> for T where
    V: MultiLane<T>,