Struct tower_http::cors::CorsLayer
source · [−]pub struct CorsLayer { /* private fields */ }
cors
only.Expand description
Layer that applies the Cors
middleware which adds headers for CORS.
See the module docs for an example.
Implementations
Create a new CorsLayer
.
This creates a restrictive configuration. Use the builder methods to customize the behavior.
A very permissive configuration suitable for development:
- Credentials allowed.
- All request headers allowed.
- All methods allowed.
- All origins allowed.
- All headers exposed.
- Max age set to 1 hour.
Note this is not recommended for production use.
Set the Access-Control-Allow-Credentials
header.
use tower_http::cors::CorsLayer;
let layer = CorsLayer::new().allow_credentials(true);
Set the value of the Access-Control-Allow-Headers
header.
use tower_http::cors::CorsLayer;
use http::header::{AUTHORIZATION, ACCEPT};
let layer = CorsLayer::new().allow_headers(vec![AUTHORIZATION, ACCEPT]);
All headers can be allowed with
use tower_http::cors::{CorsLayer, any};
let layer = CorsLayer::new().allow_headers(any());
Note that multiple calls to this method will override any previous calls.
Also note that Access-Control-Allow-Headers
is required for requests that have
Access-Control-Request-Headers
.
Set the value of the Access-Control-Max-Age
header.
use tower_http::cors::CorsLayer;
use std::time::Duration;
let layer = CorsLayer::new().max_age(Duration::from_secs(60) * 10);
By default the header will not be set which disables caching and will require a preflight call for all requests.
Note that each browser has a maximum internal value that takes precedence when the Access-Control-Max-Age is greater. For more details see mdn.
Set the value of the Access-Control-Allow-Methods
header.
use tower_http::cors::CorsLayer;
use http::Method;
let layer = CorsLayer::new().allow_methods(vec![Method::GET, Method::POST]);
All methods can be allowed with
use tower_http::cors::{CorsLayer, any};
let layer = CorsLayer::new().allow_methods(any());
Note that multiple calls to this method will override any previous calls.
Set the value of the Access-Control-Allow-Origin
header.
use tower_http::cors::{CorsLayer, Origin};
let layer = CorsLayer::new().allow_origin(Origin::exact(
"http://example.com".parse().unwrap(),
));
Multiple origins can be allowed with
use tower_http::cors::{CorsLayer, Origin};
let origins = vec![
"http://example.com".parse().unwrap(),
"http://api.example.com".parse().unwrap(),
];
let layer = CorsLayer::new().allow_origin(Origin::list(origins));
All origins can be allowed with
use tower_http::cors::{CorsLayer, any};
let layer = CorsLayer::new().allow_origin(any());
You can also use a closure
use tower_http::cors::{CorsLayer, Origin};
use http::{HeaderValue, request::Parts};
let layer = CorsLayer::new().allow_origin(
Origin::predicate(|origin: &HeaderValue, _request_head: &Parts| {
origin.as_bytes().ends_with(b".rust-lang.org")
})
);
Note that multiple calls to this method will override any previous calls.
Set the value of the Access-Control-Expose-Headers
header.
use tower_http::cors::CorsLayer;
use http::header::CONTENT_ENCODING;
let layer = CorsLayer::new().expose_headers(vec![CONTENT_ENCODING]);
All headers can be allowed with
use tower_http::cors::{CorsLayer, any};
let layer = CorsLayer::new().expose_headers(any());
Note that multiple calls to this method will override any previous calls.
Trait Implementations
Auto Trait Implementations
impl !RefUnwindSafe for CorsLayer
impl !UnwindSafe for CorsLayer
Blanket Implementations
Mutably borrows from an owned value. Read more
follow-redirect
only.Create a new Policy
that returns Action::Follow
only if self
and other
return
Action::Follow
. Read more
Attaches the provided Subscriber
to this type, returning a
WithDispatch
wrapper. Read more
Attaches the current default Subscriber
to this type, returning a
WithDispatch
wrapper. Read more