actix-extras/actix-cors/examples/cors.rs

use actix_cors::Cors;
use actix_web::{http::header, web, App, HttpServer};

#[actix_web::main]
async fn main() -> std::io::Result<()> {
    pretty_env_logger::init();

    HttpServer::new(move || {
        App::new()
            .wrap(
                // default settings are overly restrictive to reduce chance of
                // misconfiguration leading to security concerns
                Cors::default()
                    // add specific origin to allowed origin list
                    .allowed_origin("http://project.local:8080")
                    // allow any port on localhost
                    .allowed_origin_fn(|origin, _req_head| {
                        origin.as_bytes().starts_with(b"http://localhost")

                        // manual alternative:
                        // unwrapping is acceptable on the origin header since this function is
                        // only called when it exists
                        // req_head
                        //     .headers()
                        //     .get(header::ORIGIN)
                        //     .unwrap()
                        //     .as_bytes()
                        //     .starts_with(b"http://localhost")
                    })
                    // set allowed methods list
                    .allowed_methods(vec!["GET", "POST"])
                    // set allowed request header list
                    .allowed_headers(&[header::AUTHORIZATION, header::ACCEPT])
                    // add header to allowed list
                    .allowed_header(header::CONTENT_TYPE)
                    // set list of headers that are safe to expose
                    .expose_headers(&[header::CONTENT_DISPOSITION])
                    // set CORS rules ttl
                    .max_age(3600),
            )
            .default_service(web::to(|| async { "Hello world!" }))
    })
    .bind("127.0.0.1:8080")?
    .run()
    .await
}
CORS builder rework (#119) 2020-10-19 06:51:31 +02:00			`use actix_cors::Cors;`
			`use actix_web::{http::header, web, App, HttpServer};`

			`#[actix_web::main]`
			`async fn main() -> std::io::Result<()> {`
			`pretty_env_logger::init();`

			`HttpServer::new(move \|\| {`
			`App::new()`
			`.wrap(`
			`// default settings are overly restrictive to reduce chance of`
			`// misconfiguration leading to security concerns`
			`Cors::default()`
			`// add specific origin to allowed origin list`
			`.allowed_origin("http://project.local:8080")`
			`// allow any port on localhost`
cors origin validator function receives origin as first parameter (#120) 2020-10-19 20:30:46 +02:00			`.allowed_origin_fn(\|origin, _req_head\| {`
			`origin.as_bytes().starts_with(b"http://localhost")`

			`// manual alternative:`
CORS builder rework (#119) 2020-10-19 06:51:31 +02:00			`// unwrapping is acceptable on the origin header since this function is`
			`// only called when it exists`
cors origin validator function receives origin as first parameter (#120) 2020-10-19 20:30:46 +02:00			`// req_head`
			`// .headers()`
			`// .get(header::ORIGIN)`
			`// .unwrap()`
			`// .as_bytes()`
			`// .starts_with(b"http://localhost")`
CORS builder rework (#119) 2020-10-19 06:51:31 +02:00			`})`
			`// set allowed methods list`
			`.allowed_methods(vec!["GET", "POST"])`
			`// set allowed request header list`
			`.allowed_headers(&[header::AUTHORIZATION, header::ACCEPT])`
			`// add header to allowed list`
			`.allowed_header(header::CONTENT_TYPE)`
			`// set list of headers that are safe to expose`
			`.expose_headers(&[header::CONTENT_DISPOSITION])`
			`// set CORS rules ttl`
			`.max_age(3600),`
			`)`
			`.default_service(web::to(\|\| async { "Hello world!" }))`
			`})`
			`.bind("127.0.0.1:8080")?`
			`.run()`
			`.await`
			`}`