Struct tower_http::cors::CorsLayer
source · [−]pub struct CorsLayer { /* private fields */ }
cors
only.Expand description
Layer that applies the Cors
middleware which adds headers for CORS.
See the module docs for an example.
Implementations
sourceimpl CorsLayer
impl CorsLayer
sourcepub fn new() -> Self
pub fn new() -> Self
Create a new CorsLayer
.
No headers are sent by default. Use the builder methods to customize the behavior.
You need to set at least an allowed origin for browsers to make successful cross-origin requests to your service.
sourcepub fn permissive() -> Self
pub fn permissive() -> Self
A permissive configuration:
- All request headers allowed.
- All methods allowed.
- All origins allowed.
- All headers exposed.
sourcepub fn very_permissive() -> Self
pub fn very_permissive() -> Self
A very permissive configuration:
- Credentials allowed.
- The method received in
Access-Control-Request-Method
is sent back as an allowed method. - The origin of the preflight request is sent back as an allowed origin.
- The header names received in
Access-Control-Request-Headers
are sent back as allowed headers. - No headers are currently exposed, but this may change in the future.
sourcepub fn allow_credentials<T>(self, allow_credentials: T) -> Self where
T: Into<AllowCredentials>,
pub fn allow_credentials<T>(self, allow_credentials: T) -> Self where
T: Into<AllowCredentials>,
Set the Access-Control-Allow-Credentials
header.
use tower_http::cors::CorsLayer;
let layer = CorsLayer::new().allow_credentials(true);
sourcepub fn allow_headers<T>(self, headers: T) -> Self where
T: Into<AllowHeaders>,
pub fn allow_headers<T>(self, headers: T) -> Self where
T: Into<AllowHeaders>,
Set the value of the Access-Control-Allow-Headers
header.
use tower_http::cors::CorsLayer;
use http::header::{AUTHORIZATION, ACCEPT};
let layer = CorsLayer::new().allow_headers([AUTHORIZATION, ACCEPT]);
All headers can be allowed with
use tower_http::cors::{Any, CorsLayer};
let layer = CorsLayer::new().allow_headers(Any);
Note that multiple calls to this method will override any previous calls.
Also note that Access-Control-Allow-Headers
is required for requests that have
Access-Control-Request-Headers
.
sourcepub fn max_age<T>(self, max_age: T) -> Self where
T: Into<MaxAge>,
pub fn max_age<T>(self, max_age: T) -> Self where
T: Into<MaxAge>,
Set the value of the Access-Control-Max-Age
header.
use std::time::Duration;
use tower_http::cors::CorsLayer;
let layer = CorsLayer::new().max_age(Duration::from_secs(60) * 10);
By default the header will not be set which disables caching and will require a preflight call for all requests.
Note that each browser has a maximum internal value that takes precedence when the Access-Control-Max-Age is greater. For more details see mdn.
If you need more flexibility, you can use supply a function which can dynamically decide the max-age based on the origin and other parts of each preflight request:
use std::time::Duration;
use http::{request::Parts as RequestParts, HeaderValue};
use tower_http::cors::{CorsLayer, MaxAge};
let layer = CorsLayer::new().max_age(MaxAge::dynamic(
|_origin: &HeaderValue, parts: &RequestParts| -> Duration {
// Let's say you want to be able to reload your config at
// runtime and have another middleware that always inserts
// the current config into the request extensions
let config = parts.extensions.get::<MyServerConfig>().unwrap();
config.cors_max_age
},
));
sourcepub fn allow_methods<T>(self, methods: T) -> Self where
T: Into<AllowMethods>,
pub fn allow_methods<T>(self, methods: T) -> Self where
T: Into<AllowMethods>,
Set the value of the Access-Control-Allow-Methods
header.
use tower_http::cors::CorsLayer;
use http::Method;
let layer = CorsLayer::new().allow_methods([Method::GET, Method::POST]);
All methods can be allowed with
use tower_http::cors::{Any, CorsLayer};
let layer = CorsLayer::new().allow_methods(Any);
Note that multiple calls to this method will override any previous calls.
sourcepub fn allow_origin<T>(self, origin: T) -> Self where
T: Into<AllowOrigin>,
pub fn allow_origin<T>(self, origin: T) -> Self where
T: Into<AllowOrigin>,
Set the value of the Access-Control-Allow-Origin
header.
use http::HeaderValue;
use tower_http::cors::CorsLayer;
let layer = CorsLayer::new().allow_origin(
"http://example.com".parse::<HeaderValue>().unwrap(),
);
Multiple origins can be allowed with
use tower_http::cors::CorsLayer;
let origins = [
"http://example.com".parse().unwrap(),
"http://api.example.com".parse().unwrap(),
];
let layer = CorsLayer::new().allow_origin(origins);
All origins can be allowed with
use tower_http::cors::{Any, CorsLayer};
let layer = CorsLayer::new().allow_origin(Any);
You can also use a closure
use tower_http::cors::{CorsLayer, AllowOrigin};
use http::{request::Parts as RequestParts, HeaderValue};
let layer = CorsLayer::new().allow_origin(AllowOrigin::predicate(
|origin: &HeaderValue, _request_parts: &RequestParts| {
origin.as_bytes().ends_with(b".rust-lang.org")
},
));
Note that multiple calls to this method will override any previous calls.
sourcepub fn expose_headers<T>(self, headers: T) -> Self where
T: Into<ExposeHeaders>,
pub fn expose_headers<T>(self, headers: T) -> Self where
T: Into<ExposeHeaders>,
Set the value of the Access-Control-Expose-Headers
header.
use tower_http::cors::CorsLayer;
use http::header::CONTENT_ENCODING;
let layer = CorsLayer::new().expose_headers([CONTENT_ENCODING]);
All headers can be allowed with
use tower_http::cors::{Any, CorsLayer};
let layer = CorsLayer::new().expose_headers(Any);
Note that multiple calls to this method will override any previous calls.
sourcepub fn vary<T>(self, headers: T) -> Self where
T: Into<Vary>,
pub fn vary<T>(self, headers: T) -> Self where
T: Into<Vary>,
Set the value(s) of the Vary
header.
In contrast to the other headers, this one has a non-empty default of
preflight_request_headers()
.
You only need to set this is you want to remove some of these defaults, or if you use a closure for one of the other headers and want to add a vary header accordingly.
Trait Implementations
Auto Trait Implementations
impl !RefUnwindSafe for CorsLayer
impl Send for CorsLayer
impl Sync for CorsLayer
impl Unpin for CorsLayer
impl !UnwindSafe for CorsLayer
Blanket Implementations
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcefn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
sourceimpl<T> Instrument for T
impl<T> Instrument for T
sourcefn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
sourcefn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
sourceimpl<T> PolicyExt for T where
T: ?Sized,
impl<T> PolicyExt for T where
T: ?Sized,
sourceimpl<T> ToOwned for T where
T: Clone,
impl<T> ToOwned for T where
T: Clone,
type Owned = T
type Owned = T
The resulting type after obtaining ownership.
sourcefn clone_into(&self, target: &mut T)
fn clone_into(&self, target: &mut T)
toowned_clone_into
)Uses borrowed data to replace owned data, usually by cloning. Read more
sourceimpl<T> WithSubscriber for T
impl<T> WithSubscriber for T
sourcefn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where
S: Into<Dispatch>,
fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where
S: Into<Dispatch>,
Attaches the provided Subscriber
to this type, returning a
WithDispatch
wrapper. Read more
sourcefn with_current_subscriber(self) -> WithDispatch<Self>
fn with_current_subscriber(self) -> WithDispatch<Self>
Attaches the current default Subscriber
to this type, returning a
WithDispatch
wrapper. Read more