Struct tower_http::cors::CorsLayer
source · [−]pub struct CorsLayer { /* private fields */ }cors only.Expand description
Layer that applies the Cors middleware which adds headers for CORS.
See the module docs for an example.
Implementations
Create a new CorsLayer.
This creates a restrictive configuration. Use the builder methods to customize the behavior.
A very permissive configuration suitable for development:
- Credentials allowed.
- All request headers allowed.
- All methods allowed.
- All origins allowed.
- All headers exposed.
- Max age set to 1 hour.
Note this is not recommended for production use.
Set the Access-Control-Allow-Credentials header.
use tower_http::cors::CorsLayer;
let layer = CorsLayer::new().allow_credentials(true);Set the value of the Access-Control-Allow-Headers header.
use tower_http::cors::CorsLayer;
use http::header::{AUTHORIZATION, ACCEPT};
let layer = CorsLayer::new().allow_headers(vec![AUTHORIZATION, ACCEPT]);All headers can be allowed with
use tower_http::cors::{CorsLayer, any};
let layer = CorsLayer::new().allow_headers(any());Note that multiple calls to this method will override any previous calls.
Also note that Access-Control-Allow-Headers is required for requests that have
Access-Control-Request-Headers.
Set the value of the Access-Control-Max-Age header.
use tower_http::cors::CorsLayer;
use std::time::Duration;
let layer = CorsLayer::new().max_age(Duration::from_secs(60) * 10);By default the header will not be set which disables caching and will require a preflight call for all requests.
Note that each browser has a maximum internal value that takes precedence when the Access-Control-Max-Age is greater. For more details see mdn.
Set the value of the Access-Control-Allow-Methods header.
use tower_http::cors::CorsLayer;
use http::Method;
let layer = CorsLayer::new().allow_methods(vec![Method::GET, Method::POST]);All methods can be allowed with
use tower_http::cors::{CorsLayer, any};
let layer = CorsLayer::new().allow_methods(any());Note that multiple calls to this method will override any previous calls.
Set the value of the Access-Control-Allow-Origin header.
use tower_http::cors::{CorsLayer, Origin};
let layer = CorsLayer::new().allow_origin(Origin::exact(
"http://example.com".parse().unwrap(),
));Multiple origins can be allowed with
use tower_http::cors::{CorsLayer, Origin};
let origins = vec![
"http://example.com".parse().unwrap(),
"http://api.example.com".parse().unwrap(),
];
let layer = CorsLayer::new().allow_origin(Origin::list(origins));All origins can be allowed with
use tower_http::cors::{CorsLayer, any};
let layer = CorsLayer::new().allow_origin(any());You can also use a closure
use tower_http::cors::{CorsLayer, Origin};
use http::{HeaderValue, request::Parts};
let layer = CorsLayer::new().allow_origin(
Origin::predicate(|origin: &HeaderValue, _request_head: &Parts| {
origin.as_bytes().ends_with(b".rust-lang.org")
})
);Note that multiple calls to this method will override any previous calls.
Set the value of the Access-Control-Expose-Headers header.
use tower_http::cors::CorsLayer;
use http::header::CONTENT_ENCODING;
let layer = CorsLayer::new().expose_headers(vec![CONTENT_ENCODING]);All headers can be allowed with
use tower_http::cors::{CorsLayer, any};
let layer = CorsLayer::new().expose_headers(any());Note that multiple calls to this method will override any previous calls.
Trait Implementations
Auto Trait Implementations
impl !RefUnwindSafe for CorsLayer
impl !UnwindSafe for CorsLayer
Blanket Implementations
Mutably borrows from an owned value. Read more
follow-redirect only.Create a new Policy that returns Action::Follow only if self and other return
Action::Follow. Read more
Attaches the provided Subscriber to this type, returning a
WithDispatch wrapper. Read more
Attaches the current default Subscriber to this type, returning a
WithDispatch wrapper. Read more