Type Definition kvarn::cors::Cors

source ·
pub type Cors = RuleSet<AllowList>;
Expand description

A CORS ruleset for Kvarn.

Use Extensions::with_cors to allow selected CORS requests.

By default, Kvarn uses a empty RuleSet; all CORS requests are rejected.

Examples

// Allow `https://icelk.dev` and `https://kvarn.org` to access all images.
// Also allow all requests from `http://example.org` access to the api.
let cors =
    Cors::empty()
        .add(
            "/images/*",
            CorsAllowList::new(Duration::from_secs(60*60*24*365))
                .add_origin("https://icelk.dev")
                .add_origin("https://kvarn.org")
            )
        .add(
            "/api/*",
            CorsAllowList::default()
                .add_origin("http://example.org")
                .add_method(Method::PUT)
                .add_method(Method::POST)
        );

Implementations§

source§

impl Cors

source

pub fn check_origin( &self, origin: &Uri, uri_path: &str ) -> Option<(MethodAllowList<'_>, &[HeaderName], Duration)>

Check if the (cross-origin) request’s origin Uri is allowed by the CORS rules.

See CorsAllowList::check for info about the return types.

source

pub fn check_cors_request<T>( &self, request: &Request<T> ) -> Option<(MethodAllowList<'_>, &[HeaderName], Duration)>

Check if the Request::headers and Request::uri is allowed with this ruleset.

This will not check for errors in access-control-request-headers.

Use this over Self::check_origin because this checks for same_origin requests.

See CorsAllowList::check for info about the return types.