1
0
mirror of https://github.com/actix/actix-extras.git synced 2024-11-23 15:51:06 +01:00
actix-extras/actix-cors/examples/cors.rs

55 lines
2.3 KiB
Rust
Raw Normal View History

2020-10-19 06:51:31 +02:00
use actix_cors::Cors;
use actix_web::{http::header, middleware::Logger, web, App, HttpServer};
2020-10-19 06:51:31 +02:00
#[actix_web::main]
async fn main() -> std::io::Result<()> {
env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));
2020-10-19 06:51:31 +02:00
log::info!("starting HTTP server at http://localhost:8080");
2020-10-19 06:51:31 +02:00
HttpServer::new(move || {
App::new()
// `permissive` is a wide-open development config
// .wrap(Cors::permissive())
2020-10-19 06:51:31 +02:00
.wrap(
// default settings are overly restrictive to reduce chance of
// misconfiguration leading to security concerns
Cors::default()
// add specific origin to allowed origin list
.allowed_origin("http://project.local:8080")
// allow any port on localhost
.allowed_origin_fn(|origin, _req_head| {
origin.as_bytes().starts_with(b"http://localhost")
// manual alternative:
2020-10-19 06:51:31 +02:00
// unwrapping is acceptable on the origin header since this function is
// only called when it exists
// req_head
// .headers()
// .get(header::ORIGIN)
// .unwrap()
// .as_bytes()
// .starts_with(b"http://localhost")
2020-10-19 06:51:31 +02:00
})
// set allowed methods list
.allowed_methods(vec!["GET", "POST"])
// set allowed request header list
.allowed_headers(&[header::AUTHORIZATION, header::ACCEPT])
// add header to allowed list
.allowed_header(header::CONTENT_TYPE)
// set list of headers that are safe to expose
.expose_headers(&[header::CONTENT_DISPOSITION])
// allow cURL/HTTPie from working without providing Origin headers
.block_on_origin_mismatch(false)
// set preflight cache TTL
2020-10-19 06:51:31 +02:00
.max_age(3600),
)
.wrap(Logger::default())
2021-12-13 03:50:22 +01:00
.default_service(web::to(|| async { "Hello, cross-origin world!" }))
2020-10-19 06:51:31 +02:00
})
.workers(1)
.bind(("127.0.0.1", 8080))?
2020-10-19 06:51:31 +02:00
.run()
.await
}