- Enum actix_cors::
source · [−]
Enum actix_cors::CorsError
source · [−]#[non_exhaustive]
+ Enum actix_cors::CorsError
source · [−]#[non_exhaustive]
pub enum CorsError {
WildcardOrigin,
MissingOrigin,
@@ -25,16 +25,16 @@ pub enum CorsError {
OriginNotAllowed
Origin is not allowed to make this request.
MethodNotAllowed
Request method is not allowed.
HeadersNotAllowed
One or more request headers are not allowed.
-Trait Implementations
sourceimpl Clone for CorsError
impl Clone for CorsError
sourcefn clone(&self) -> CorsError
fn clone(&self) -> CorsError
Returns a copy of the value. Read more
+Trait Implementations
sourceimpl Error for CorsError
impl Error for CorsError
1.30.0 · sourcefn source(&self) -> Option<&(dyn Error + 'static)>
fn source(&self) -> Option<&(dyn Error + 'static)>
The lower-level source of this error, if any. Read more
sourcefn backtrace(&self) -> Option<&Backtrace>
fn backtrace(&self) -> Option<&Backtrace>
🔬 This is a nightly-only experimental API. (
backtrace)Returns a stack backtrace, if available, of where this error occurred. Read more
1.0.0 · sourcefn description(&self) -> &str
fn description(&self) -> &str
👎 Deprecated since 1.42.0:
use the Display impl or to_string()
sourceimpl ResponseError for CorsError
impl ResponseError for CorsError
sourcefn status_code(&self) -> StatusCode
fn status_code(&self) -> StatusCode
Returns appropriate status code for error. Read more
-sourcefn error_response(&self) -> HttpResponse
fn error_response(&self) -> HttpResponse
Creates full response for error. Read more
+sourceimpl ResponseError for CorsError
impl ResponseError for CorsError
sourcefn status_code(&self) -> StatusCode
fn status_code(&self) -> StatusCode
Returns appropriate status code for error. Read more
+sourcefn error_response(&self) -> HttpResponse
fn error_response(&self) -> HttpResponse
Creates full response for error. Read more
Auto Trait Implementations
impl RefUnwindSafe for CorsError
impl Send for CorsError
impl Sync for CorsError
impl Unpin for CorsError
impl UnwindSafe for CorsError
Blanket Implementations
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcefn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
diff --git a/src/actix_cors/error.rs.html b/src/actix_cors/error.rs.html index f247f1790..2e1fd8e2b 100644 --- a/src/actix_cors/error.rs.html +++ b/src/actix_cors/error.rs.html @@ -55,16 +55,10 @@ 48 49 50 -51 -52 -53 -54use actix_web::{http::StatusCode, HttpResponse, ResponseError};
use derive_more::{Display, Error};
-use crate::inner::add_vary_header;
-
/// Errors that can occur when processing CORS guarded requests.
#[derive(Debug, Clone, Display, Error)]
#[non_exhaustive]
@@ -108,9 +102,7 @@
}
fn error_response(&self) -> HttpResponse {
- let mut res = HttpResponse::with_body(self.status_code(), self.to_string());
- add_vary_header(res.headers_mut());
- res.map_into_boxed_body()
+ HttpResponse::with_body(self.status_code(), self.to_string()).map_into_boxed_body()
}
}
use std::{collections::HashSet, rc::Rc};
use actix_utils::future::ok;
@@ -287,6 +302,7 @@
}
impl<S> CorsMiddleware<S> {
+ /// Returns true if request is `OPTIONS` and contains an `Access-Control-Request-Method` header.
fn is_request_preflight(req: &ServiceRequest) -> bool {
// check request method is OPTIONS
if req.method() != Method::OPTIONS {
@@ -306,7 +322,15 @@
true
}
- fn handle_preflight(inner: &Inner, req: ServiceRequest) -> ServiceResponse {
+ /// Validates preflight request headers against configuration and constructs preflight response.
+ ///
+ /// Checks:
+ /// - `Origin` header is acceptable;
+ /// - `Access-Control-Request-Method` header is acceptable;
+ /// - `Access-Control-Request-Headers` header is acceptable.
+ fn handle_preflight(&self, req: ServiceRequest) -> ServiceResponse {
+ let inner = Rc::clone(&self.inner);
+
if let Err(err) = inner
.validate_origin(req.head())
.and_then(|_| inner.validate_allowed_method(req.head()))
@@ -347,7 +371,10 @@
}
let mut res = res.finish();
- add_vary_header(res.headers_mut());
+
+ if inner.vary_header {
+ add_vary_header(res.headers_mut());
+ }
req.into_response(res)
}
@@ -418,31 +445,35 @@
forward_ready!(service);
fn call(&self, req: ServiceRequest) -> Self::Future {
+ let origin = req.headers().get(header::ORIGIN);
+
+ // handle preflight requests
if self.inner.preflight && Self::is_request_preflight(&req) {
- let inner = Rc::clone(&self.inner);
- let res = Self::handle_preflight(&inner, req);
+ let res = self.handle_preflight(req);
return ok(res.map_into_right_body()).boxed_local();
}
- let origin = req.headers().get(header::ORIGIN).cloned();
-
+ // only check actual requests with a origin header
if origin.is_some() {
- // Only check requests with a origin header.
if let Err(err) = self.inner.validate_origin(req.head()) {
debug!("origin validation failed; inner service is not called");
- return ok(req.error_response(err).map_into_right_body()).boxed_local();
+ let mut res = req.error_response(err);
+
+ if self.inner.vary_header {
+ add_vary_header(res.headers_mut());
+ }
+
+ return ok(res.map_into_right_body()).boxed_local();
}
}
let inner = Rc::clone(&self.inner);
let fut = self.service.call(req);
- async move {
+ Box::pin(async move {
let res = fut.await;
-
Ok(Self::augment_response(&inner, res?).map_into_left_body())
- }
- .boxed_local()
+ })
}
}
@@ -472,7 +503,6 @@
.allow_any_origin()
.allowed_origin_fn(|origin, req_head| {
assert_eq!(&origin, req_head.headers.get(header::ORIGIN).unwrap());
-
req_head.headers().contains_key(header::DNT)
})
.new_transform(test::ok_service())