From e74cdcecf8350b51dec01682101b0344ac29f33e Mon Sep 17 00:00:00 2001 From: robjtede Date: Wed, 21 Sep 2022 23:25:45 +0000 Subject: [PATCH] =?UTF-8?q?Deploying=20to=20gh-pages=20from=20=20@=203b568?= =?UTF-8?q?2c8609d6c521fb3a564730f97ca01160024=20=F0=9F=9A=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- actix_cors/struct.Cors.html | 45 ++++++++++++++++------------ search-index.js | 2 +- settings.html | 4 +-- src/actix_cors/builder.rs.html | 40 +++++++++++++++++++++++++ src/actix_cors/inner.rs.html | 18 ++++++++--- src/actix_cors/middleware.rs.html | 50 +++++++++++++++++++++++-------- 6 files changed, 120 insertions(+), 39 deletions(-) diff --git a/actix_cors/struct.Cors.html b/actix_cors/struct.Cors.html index 6aeaaeb86..da37ea70d 100644 --- a/actix_cors/struct.Cors.html +++ b/actix_cors/struct.Cors.html @@ -1,5 +1,5 @@ Cors in actix_cors - Rust
+ logo

Cors

Methods

Trait Implementations

Auto Trait Implementations

Blanket Implementations

In actix_cors

logo

Struct actix_cors::Cors

source · []
pub struct Cors { /* private fields */ }
Expand description

Builder for CORS middleware.

To construct a CORS middleware, call Cors::default() to create a blank, restrictive builder. Then use any of the builder methods to customize CORS behavior.

@@ -22,12 +22,12 @@ server will fail to start up or serve requests.

.max_age(3600); // `cors` can now be used in `App::wrap`.
-

Implementations

A very permissive set of default for quick development. Not recommended for production use.

+

Implementations

A very permissive set of default for quick development. Not recommended for production use.

All origins, methods, request headers and exposed headers allowed. Credentials supported. Max age 1 hour. Does not send wildcard.

-

Resets allowed origin list to a state where any origin is accepted.

+

Resets allowed origin list to a state where any origin is accepted.

See Cors::allowed_origin for more info on allowed origins.

-

Add an origin that is allowed to make requests.

+

Add an origin that is allowed to make requests.

This method allows specifying a finite set of origins to verify the value of the Origin request header. These are origin-or-null types in the Fetch Standard.

By default, no origins are accepted.

@@ -45,38 +45,38 @@ allowed origins.

  • If supplied origin is not valid uri
  • If supplied origin is a wildcard (*). Cors::send_wildcard should be used instead.
    • -

    Determinate allowed origins by processing requests which didn’t match any origins specified +

    Determinate allowed origins by processing requests which didn’t match any origins specified in the allowed_origin.

    The function will receive two parameters, the Origin header value, and the RequestHead of each request, which can be used to determine whether to allow the request or not.

    If the function returns true, the client’s Origin request header will be echoed back into the Access-Control-Allow-Origin response header.

    -

    Resets allowed methods list to all methods.

    +

    Resets allowed methods list to all methods.

    See Cors::allowed_methods for more info on allowed methods.

    -

    Set a list of methods which allowed origins can perform.

    +

    Set a list of methods which allowed origins can perform.

    These will be sent in the Access-Control-Allow-Methods response header as specified in the Fetch Standard CORS protocol.

    This defaults to an empty set.

    -

    Resets allowed request header list to a state where any header is accepted.

    +

    Resets allowed request header list to a state where any header is accepted.

    See Cors::allowed_headers for more info on allowed request headers.

    -

    Add an allowed request header.

    +

    Add an allowed request header.

    See Cors::allowed_headers for more info on allowed request headers.

    -

    Set a list of request header field names which can be used when this resource is accessed by +

    Set a list of request header field names which can be used when this resource is accessed by allowed origins.

    If All is set, whatever is requested by the client in Access-Control-Request-Headers will be echoed back in the Access-Control-Allow-Headers header as specified in the Fetch Standard CORS protocol.

    This defaults to an empty set.

    -

    Resets exposed response header list to a state where all headers are exposed.

    +

    Resets exposed response header list to a state where all headers are exposed.

    See Cors::expose_headers for more info on exposed response headers.

    -

    Set a list of headers which are safe to expose to the API of a CORS API specification. +

    Set a list of headers which are safe to expose to the API of a CORS API specification. This corresponds to the Access-Control-Expose-Headers response header as specified in the Fetch Standard CORS protocol.

    This defaults to an empty set.

    -

    Set a maximum time (in seconds) for which this CORS request may be cached. This value is set +

    Set a maximum time (in seconds) for which this CORS request may be cached. This value is set as the Access-Control-Max-Age header as specified in the Fetch Standard CORS protocol.

    Pass a number (of seconds) or use None to disable sending max age header.

    -

    Set to use wildcard origins.

    +

    Set to use wildcard origins.

    If send wildcard is set and the allowed_origins parameter is All, a wildcard Access-Control-Allow-Origin response header is sent, rather than the request’s Origin header.

    @@ -84,7 +84,7 @@ as the Access-Control-Max-Age header as specified in the

    Allows users to make authenticated requests

    +

    Allows users to make authenticated requests

    If true, injects the Access-Control-Allow-Credentials header in responses. This allows cookies and credentials to be submitted across domains as specified in the Fetch Standard CORS protocol.

    @@ -93,21 +93,28 @@ the Fetch Standard C

    Defaults to false.

    A server initialization error will occur if credentials are allowed, but the Origin is set to send wildcards (*); this is not allowed by the CORS protocol.

    -

    Disable Vary header support.

    +

    Disable Vary header support.

    When enabled the header Vary: Origin will be returned as per the Fetch Standard implementation guidelines.

    Setting this header when the Access-Control-Allow-Origin is dynamically generated (eg. when there is more than one allowed origin, and an Origin other than ‘*’ is returned) informs CDNs and other caches that the CORS headers are dynamic, and cannot be cached.

    By default, Vary header support is enabled.

    -

    Disable support for preflight requests.

    +

    Disable support for preflight requests.

    When enabled CORS middleware automatically handles OPTIONS requests. This is useful for application level middleware.

    By default preflight support is enabled.

    -

    Trait Implementations

    Formats the value using the given formatter. Read more

    A restrictive (security paranoid) set of defaults.

    +

    Configures whether requests should be pre-emptively blocked on mismatched origin.

    +

    If true, a 400 Bad Request is returned immediately when a request fails origin validation.

    +

    If false, the request will be processed as normal but relevant CORS headers will not be +appended to the response. In this case, the browser is trusted to validate CORS headers and +and block requests based on pre-flight requests. Use this setting to allow cURL and other +non-browser HTTP clients to function as normal, no matter what Origin the request has.

    +

    Defaults to true.

    +

    Trait Implementations

    Formats the value using the given formatter. Read more

    A restrictive (security paranoid) set of defaults.

    No allowed origins, methods, request headers or exposed headers. Credentials not supported. No max age (will use browser’s default).

    -
    Responses produced by the service.
    Errors produced by the service.
    Errors produced while building a transform service.
    The TransformService value created by this factory
    The future response value.
    Creates and returns a new Transform component, asynchronously

    Auto Trait Implementations

    Blanket Implementations

    Gets the TypeId of self. Read more
    Immutably borrows from an owned value. Read more
    Mutably borrows from an owned value. Read more

    Returns the argument unchanged.

    +
    Responses produced by the service.
    Errors produced by the service.
    Errors produced while building a transform service.
    The TransformService value created by this factory
    The future response value.
    Creates and returns a new Transform component, asynchronously

    Auto Trait Implementations

    Blanket Implementations

    Gets the TypeId of self. Read more
    Immutably borrows from an owned value. Read more
    Mutably borrows from an owned value. Read more

    Returns the argument unchanged.

    Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
    Instruments this type with the current Span, returning an Instrumented wrapper. Read more

    Calls U::from(self).

    diff --git a/search-index.js b/search-index.js index df50362c8..e5a0ede94 100644 --- a/search-index.js +++ b/search-index.js @@ -1,5 +1,5 @@ var searchIndex = JSON.parse('{\ -"actix_cors":{"doc":"Cross-Origin Resource Sharing (CORS) controls for Actix …","t":[13,13,3,4,13,13,13,13,13,13,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11],"n":["BadRequestHeaders","BadRequestMethod","Cors","CorsError","HeadersNotAllowed","MethodNotAllowed","MissingOrigin","MissingRequestMethod","OriginNotAllowed","WildcardOrigin","allow_any_header","allow_any_method","allow_any_origin","allowed_header","allowed_headers","allowed_methods","allowed_origin","allowed_origin_fn","borrow","borrow","borrow_mut","borrow_mut","clone","clone_into","default","disable_preflight","disable_vary_header","error_response","expose_any_header","expose_headers","fmt","fmt","fmt","from","from","into","into","max_age","new_transform","permissive","provide","send_wildcard","status_code","supports_credentials","to_owned","to_string","try_from","try_from","try_into","try_into","type_id","type_id","vzip","vzip"],"q":["actix_cors","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","",""],"d":["Request header Access-Control-Request-Headers has an …","Request header Access-Control-Request-Method has an …","Builder for CORS middleware.","Errors that can occur when processing CORS guarded …","One or more request headers are not allowed.","Request method is not allowed.","Request header Origin is required but was not provided.","Request header Access-Control-Request-Method is required …","Origin is not allowed to make this request.","Allowed origin argument must not be wildcard (*).","Resets allowed request header list to a state where any …","Resets allowed methods list to all methods.","Resets allowed origin list to a state where any origin is …","Add an allowed request header.","Set a list of request header field names which can be used …","Set a list of methods which allowed origins can perform.","Add an origin that is allowed to make requests.","Determinate allowed origins by processing requests which …","","","","","","","A restrictive (security paranoid) set of defaults.","Disable support for preflight requests.","Disable Vary header support.","","Resets exposed response header list to a state where all …","Set a list of headers which are safe to expose to the API …","","","","Returns the argument unchanged.","Returns the argument unchanged.","Calls U::from(self).","Calls U::from(self).","Set a maximum time (in seconds) for which this CORS …","","A very permissive set of default for quick development. …","","Set to use wildcard origins.","","Allows users to make authenticated requests","","","","","","","","","",""],"i":[3,3,0,0,3,3,3,3,3,3,1,1,1,1,1,1,1,1,1,3,1,3,3,3,1,1,1,3,1,1,1,3,3,1,3,1,3,1,1,1,3,1,3,1,3,3,1,3,1,3,1,3,1,3],"f":[0,0,0,0,0,0,0,0,0,0,[1,1],[1,1],[1,1],[1,1],[1,1],[1,1],[[1,2],1],[1,1],[[]],[[]],[[]],[[]],[3,3],[[]],[[],1],[1,1],[1,1],[3,4],[1,1],[1,1],[[1,5],6],[[3,5],6],[[3,5],6],[[]],[[]],[[]],[[]],[[1,[9,[[8,[7]]]]],1],[1],[[],1],[10],[1,1],[3,11],[1,1],[[]],[[],12],[[],13],[[],13],[[],13],[[],13],[[],14],[[],14],[[]],[[]]],"p":[[3,"Cors"],[15,"str"],[4,"CorsError"],[3,"HttpResponse"],[3,"Formatter"],[6,"Result"],[15,"usize"],[4,"Option"],[8,"Into"],[3,"Demand"],[3,"StatusCode"],[3,"String"],[4,"Result"],[3,"TypeId"]]},\ +"actix_cors":{"doc":"Cross-Origin Resource Sharing (CORS) controls for Actix …","t":[13,13,3,4,13,13,13,13,13,13,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11],"n":["BadRequestHeaders","BadRequestMethod","Cors","CorsError","HeadersNotAllowed","MethodNotAllowed","MissingOrigin","MissingRequestMethod","OriginNotAllowed","WildcardOrigin","allow_any_header","allow_any_method","allow_any_origin","allowed_header","allowed_headers","allowed_methods","allowed_origin","allowed_origin_fn","block_on_origin_mismatch","borrow","borrow","borrow_mut","borrow_mut","clone","clone_into","default","disable_preflight","disable_vary_header","error_response","expose_any_header","expose_headers","fmt","fmt","fmt","from","from","into","into","max_age","new_transform","permissive","provide","send_wildcard","status_code","supports_credentials","to_owned","to_string","try_from","try_from","try_into","try_into","type_id","type_id","vzip","vzip"],"q":["actix_cors","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","",""],"d":["Request header Access-Control-Request-Headers has an …","Request header Access-Control-Request-Method has an …","Builder for CORS middleware.","Errors that can occur when processing CORS guarded …","One or more request headers are not allowed.","Request method is not allowed.","Request header Origin is required but was not provided.","Request header Access-Control-Request-Method is required …","Origin is not allowed to make this request.","Allowed origin argument must not be wildcard (*).","Resets allowed request header list to a state where any …","Resets allowed methods list to all methods.","Resets allowed origin list to a state where any origin is …","Add an allowed request header.","Set a list of request header field names which can be used …","Set a list of methods which allowed origins can perform.","Add an origin that is allowed to make requests.","Determinate allowed origins by processing requests which …","Configures whether requests should be pre-emptively …","","","","","","","A restrictive (security paranoid) set of defaults.","Disable support for preflight requests.","Disable Vary header support.","","Resets exposed response header list to a state where all …","Set a list of headers which are safe to expose to the API …","","","","Returns the argument unchanged.","Returns the argument unchanged.","Calls U::from(self).","Calls U::from(self).","Set a maximum time (in seconds) for which this CORS …","","A very permissive set of default for quick development. …","","Set to use wildcard origins.","","Allows users to make authenticated requests","","","","","","","","","",""],"i":[4,4,0,0,4,4,4,4,4,4,1,1,1,1,1,1,1,1,1,1,4,1,4,4,4,1,1,1,4,1,1,1,4,4,1,4,1,4,1,1,1,4,1,4,1,4,4,1,4,1,4,1,4,1,4],"f":[0,0,0,0,0,0,0,0,0,0,[1,1],[1,1],[1,1],[1,1],[1,1],[1,1],[[1,2],1],[1,1],[[1,3],1],[[]],[[]],[[]],[[]],[4,4],[[]],[[],1],[1,1],[1,1],[4,5],[1,1],[1,1],[[1,6],7],[[4,6],7],[[4,6],7],[[]],[[]],[[]],[[]],[[1,[10,[[9,[8]]]]],1],[1],[[],1],[11],[1,1],[4,12],[1,1],[[]],[[],13],[[],14],[[],14],[[],14],[[],14],[[],15],[[],15],[[]],[[]]],"p":[[3,"Cors"],[15,"str"],[15,"bool"],[4,"CorsError"],[3,"HttpResponse"],[3,"Formatter"],[6,"Result"],[15,"usize"],[4,"Option"],[8,"Into"],[3,"Demand"],[3,"StatusCode"],[3,"String"],[4,"Result"],[3,"TypeId"]]},\ "actix_identity":{"doc":"Identity management for Actix Web.","t":[3,8,3,11,11,11,11,11,11,11,0,11,11,11,11,10,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,13,3,4,13,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11],"n":["Identity","IdentityExt","IdentityMiddleware","borrow","borrow","borrow_mut","borrow_mut","builder","clone","clone_into","config","default","from","from","from_request","get_identity","id","into","into","login","logout","new_transform","to_owned","try_from","try_from","try_into","try_into","type_id","type_id","vzip","vzip","DeleteIdentityKeys","IdentityMiddlewareBuilder","LogoutBehaviour","PurgeSession","borrow","borrow","borrow_mut","borrow_mut","build","clone","clone","clone_into","clone_into","fmt","fmt","from","from","into","into","login_deadline","logout_behaviour","to_owned","to_owned","try_from","try_from","try_into","try_into","type_id","type_id","visit_deadline","vzip","vzip"],"q":["actix_identity","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","actix_identity::config","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","",""],"d":["A verified user identity. It can be used as a request …","Helper trait to retrieve an Identity instance from various …","Identity management middleware.","","","","","A fluent API to configure IdentityMiddleware.","","","Configuration options to tune the behaviour of …","","Returns the argument unchanged.","Returns the argument unchanged.","","Retrieve the identity attached to the current session, if …","Return the user id associated to the current session.","Calls U::from(self).","Calls U::from(self).","Attach a valid user identity to the current session.","Remove the user identity from the current session.","","","","","","","","","","","When Identity::logout is called, remove the identity …","A fluent builder to construct an IdentityMiddleware …","LogoutBehaviour controls what actions are going to be …","When Identity::logout is called, purge the current session.","","","","","Finalises the builder and returns an IdentityMiddleware …","","","","","","","Returns the argument unchanged.","Returns the argument unchanged.","Calls U::from(self).","Calls U::from(self).","Automatically logs out users after a certain amount of …","Determines how Identity::logout affects the current …","","","","","","","","","Automatically logs out users after a certain amount of …","",""],"i":[0,0,0,5,2,5,2,2,2,2,0,2,5,2,5,16,5,5,2,5,5,2,2,5,2,5,2,5,2,5,2,11,0,0,11,11,1,11,1,1,11,1,11,1,11,1,11,1,11,1,1,1,11,1,11,1,11,1,11,1,1,11,1],"f":[0,0,0,[[]],[[]],[[]],[[]],[[],1],[2,2],[[]],0,[[],2],[[]],[[]],[[3,4]],[[],[[7,[5,6]]]],[5,[[7,[8,6]]]],[[]],[[]],[[9,8],[[7,[5,6]]]],[5],[2],[[]],[[],7],[[],7],[[],7],[[],7],[[],10],[[],10],[[]],[[]],0,0,0,0,[[]],[[]],[[]],[[]],[1,2],[11,11],[1,1],[[]],[[]],[[11,12],13],[[1,12],13],[[]],[[]],[[]],[[]],[[1,[15,[14]]],1],[[1,11],1],[[]],[[]],[[],7],[[],7],[[],7],[[],7],[[],10],[[],10],[[1,[15,[14]]],1],[[]],[[]]],"p":[[3,"IdentityMiddlewareBuilder"],[3,"IdentityMiddleware"],[3,"HttpRequest"],[4,"Payload"],[3,"Identity"],[3,"Error"],[4,"Result"],[3,"String"],[3,"Extensions"],[3,"TypeId"],[4,"LogoutBehaviour"],[3,"Formatter"],[6,"Result"],[3,"Duration"],[4,"Option"],[8,"IdentityExt"]]},\ "actix_limitation":{"doc":"Rate limiter using a fixed window counter for arbitrary …","t":[3,13,17,17,17,17,4,13,3,13,3,3,13,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,12,12,12,12],"n":["Builder","Client","DEFAULT_COOKIE_NAME","DEFAULT_PERIOD_SECS","DEFAULT_REQUEST_LIMIT","DEFAULT_SESSION_KEY","Error","LimitExceeded","Limiter","Other","RateLimiter","Status","Time","borrow","borrow","borrow","borrow","borrow","borrow_mut","borrow_mut","borrow_mut","borrow_mut","borrow_mut","build","builder","clone","clone","clone_into","clone_into","cookie_name","count","default","fmt","fmt","fmt","fmt","fmt","fmt","from","from","from","from","from","from","from","into","into","into","into","into","key_by","limit","limit","new_transform","period","provide","remaining","reset_epoch_utc","session_key","source","to_owned","to_owned","to_string","try_from","try_from","try_from","try_from","try_from","try_into","try_into","try_into","try_into","try_into","type_id","type_id","type_id","type_id","type_id","vzip","vzip","vzip","vzip","vzip","0","0","0","0"],"q":["actix_limitation","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","actix_limitation::Error","","",""],"d":["Rate limiter builder.","Redis client failed to connect or run a query.","Default cookie name.","Default period (in seconds).","Default request limit.","Default session key.","Failure modes of the rate limiter.","Limit is exceeded for a key.","Rate limiter.","Generic error.","Rate limit middleware.","A report for a given key containing the limit status.","Time conversion failed.","","","","","","","","","","","Finalizes and returns a Limiter.","Construct rate limiter builder with defaults.","","","","","Sets name of cookie to be sent.","Consumes one rate limit unit, returning the status.","","","","","","","","Returns the argument unchanged.","Returns the argument unchanged.","","","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Sets rate limit key derivation function.","Set upper limit.","Returns the maximum number of requests allowed in the …","","Set limit window/period.","","Returns how many requests are left in the current period.","Returns a UNIX timestamp in UTC approximately when the …","Sets session key to be used in backend.","","","","","","","","","","","","","","","","","","","","","","","","","","","",""],"i":[0,3,0,0,0,0,0,3,0,3,0,0,3,1,3,10,7,2,1,3,10,7,2,1,2,7,2,7,2,1,2,10,1,3,3,10,7,2,1,3,3,3,10,7,2,1,3,10,7,2,1,1,7,10,1,3,7,7,1,3,7,2,3,1,3,10,7,2,1,3,10,7,2,1,3,10,7,2,1,3,10,7,2,21,22,23,24],"f":[0,0,0,0,0,0,0,0,0,0,0,0,0,[[]],[[]],[[]],[[]],[[]],[[]],[[]],[[]],[[]],[[]],[1,[[4,[2,3]]]],[[[6,[5]]],1],[7,7],[2,2],[[]],[[]],[[1,[6,[[9,[8]]]]],1],[[2,[6,[5]]],[[4,[7,3]]]],[[],10],[[1,11],12],[[3,11],12],[[3,11],12],[[10,11],12],[[7,11],12],[[2,11],12],[[]],[[]],[13,3],[14,3],[[]],[[]],[[]],[[]],[[]],[[]],[[]],[[]],[1,1],[[1,15],1],[7,15],[10],[[1,16],1],[17],[7,15],[7,15],[[1,[6,[[9,[8]]]]],1],[3,[[19,[18]]]],[[]],[[]],[[],5],[[],4],[[],4],[[],4],[[],4],[[],4],[[],4],[[],4],[[],4],[[],4],[[],4],[[],20],[[],20],[[],20],[[],20],[[],20],[[]],[[]],[[]],[[]],[[]],0,0,0,0],"p":[[3,"Builder"],[3,"Limiter"],[4,"Error"],[4,"Result"],[3,"String"],[8,"Into"],[3,"Status"],[15,"str"],[4,"Cow"],[3,"RateLimiter"],[3,"Formatter"],[6,"Result"],[3,"ComponentRange"],[3,"RedisError"],[15,"usize"],[3,"Duration"],[3,"Demand"],[8,"Error"],[4,"Option"],[3,"TypeId"],[13,"Client"],[13,"LimitExceeded"],[13,"Time"],[13,"Other"]]},\ "actix_protobuf":{"doc":"Protobuf payload extractor for Actix Web.","t":[12,13,13,13,13,3,3,3,4,8,13,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,10,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,12,12,12],"n":["0","ContentType","Deserialize","Overflow","Payload","ProtoBuf","ProtoBufConfig","ProtoBufMessage","ProtoBufPayloadError","ProtoBufResponseBuilder","Serialize","borrow","borrow","borrow","borrow","borrow_mut","borrow_mut","borrow_mut","borrow_mut","default","deref","deref_mut","error_response","fmt","fmt","fmt","fmt","from","from","from","from","from","from","from_request","into","into","into","into","into_future","limit","limit","new","poll","protobuf","resource_path","respond_to","to_string","to_string","try_from","try_from","try_from","try_from","try_into","try_into","try_into","try_into","try_poll","type_id","type_id","type_id","type_id","vzip","vzip","vzip","vzip","0","0","0"],"q":["actix_protobuf","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","actix_protobuf::ProtoBufPayloadError","",""],"d":["","Content type error","Deserialize error","Payload size is bigger than 256k","Payload error","","","","","","Serialize error","","","","","","","","","","","","","","","","","Returns the argument unchanged.","Returns the argument unchanged.","Returns the argument unchanged.","","","Returns the argument unchanged.","","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","Calls U::from(self).","","Change max size of payload. By default max size is 256Kb","Change max size of payload. By default max size is 256Kb","Create ProtoBufMessage for request.","","","","","","","","","","","","","","","","","","","","","","","","","",""],"i":[3,4,4,4,4,0,0,0,0,0,4,3,1,14,4,3,1,14,4,1,3,3,4,3,3,4,4,3,1,14,4,4,4,3,3,1,14,4,14,1,14,14,14,23,3,3,3,4,3,1,14,4,3,1,14,4,14,3,1,14,4,3,1,14,4,24,25,26],"f":[0,0,0,0,0,0,0,0,0,0,0,[[]],[[]],[[]],[[]],[[]],[[]],[[]],[[]],[[],1],[[[3,[2]]]],[[[3,[2]]]],[4,5],[[[3,[2]],6],7],[[[3,[2]],6],7],[[4,6],7],[[4,6],7],[[]],[[]],[[]],[8,4],[9,4],[[]],[[10,11]],[[]],[[]],[[]],[[]],[[]],[[1,12],1],[[[14,[[0,[2,13]]]],12],[[14,[[0,[2,13]]]]]],[[10,11],[[14,[[0,[2,13]]]]]],[[[15,[[14,[[0,[2,13]]]]]],16],17],[2,[[19,[5,18]]]],[[],20],[[[3,[[0,[2,13]]]],10],5],[[],21],[[],21],[[],19],[[],19],[[],19],[[],19],[[],19],[[],19],[[],19],[[],19],[[15,16],17],[[],22],[[],22],[[],22],[[],22],[[]],[[]],[[]],[[]],0,0,0],"p":[[3,"ProtoBufConfig"],[8,"Message"],[3,"ProtoBuf"],[4,"ProtoBufPayloadError"],[3,"HttpResponse"],[3,"Formatter"],[6,"Result"],[3,"DecodeError"],[4,"PayloadError"],[3,"HttpRequest"],[4,"Payload"],[15,"usize"],[8,"Default"],[3,"ProtoBufMessage"],[3,"Pin"],[3,"Context"],[4,"Poll"],[3,"Error"],[4,"Result"],[3,"Path"],[3,"String"],[3,"TypeId"],[8,"ProtoBufResponseBuilder"],[13,"Serialize"],[13,"Deserialize"],[13,"Payload"]]},\ diff --git a/settings.html b/settings.html index b3c31e83e..52c8bb493 100644 --- a/settings.html +++ b/settings.html @@ -1,3 +1 @@ -Rustdoc settings
    - logo

    Rustdoc settings

    Back
    \ No newline at end of file +Rustdoc settings

    Rustdoc settings

    Back
    \ No newline at end of file diff --git a/src/actix_cors/builder.rs.html b/src/actix_cors/builder.rs.html index 5a0d033f1..f458d3f7b 100644 --- a/src/actix_cors/builder.rs.html +++ b/src/actix_cors/builder.rs.html @@ -641,6 +641,26 @@ 639 640 641 +642 +643 +644 +645 +646 +647 +648 +649 +650 +651 +652 +653 +654 +655 +656 +657 +658 +659 +660 +661 
    use std::{collections::HashSet, convert::TryInto, iter::FromIterator, rc::Rc};
 
 use actix_utils::future::{self, Ready};
@@ -745,6 +765,7 @@
             send_wildcard: false,
             supports_credentials: true,
             vary_header: true,
+            block_on_origin_mismatch: true,
         };
 
         Cors {
@@ -1091,6 +1112,24 @@
 
         self
     }
+
+    /// Configures whether requests should be pre-emptively blocked on mismatched origin.
+    ///
+    /// If `true`, a 400 Bad Request is returned immediately when a request fails origin validation.
+    ///
+    /// If `false`, the request will be processed as normal but relevant CORS headers will not be
+    /// appended to the response. In this case, the browser is trusted to validate CORS headers and
+    /// and block requests based on pre-flight requests. Use this setting to allow cURL and other
+    /// non-browser HTTP clients to function as normal, no matter what `Origin` the request has.
+    ///
+    /// Defaults to `true`.
+    pub fn block_on_origin_mismatch(mut self, block: bool) -> Cors {
+        if let Some(cors) = cors(&mut self.inner, &self.error) {
+            cors.block_on_origin_mismatch = block
+        }
+
+        self
+    }
 }
 
 impl Default for Cors {
@@ -1117,6 +1156,7 @@
             send_wildcard: false,
             supports_credentials: false,
             vary_header: true,
+            block_on_origin_mismatch: true,
         };
 
         Cors {
diff --git a/src/actix_cors/inner.rs.html b/src/actix_cors/inner.rs.html
index 767957330..871406255 100644
--- a/src/actix_cors/inner.rs.html
+++ b/src/actix_cors/inner.rs.html
@@ -388,6 +388,11 @@
 386
 387
 388
+389
+390
+391
+392
+393
 
    use std::{
     collections::HashSet,
     convert::{TryFrom, TryInto},
@@ -455,16 +460,19 @@
     pub(crate) send_wildcard: bool,
     pub(crate) supports_credentials: bool,
     pub(crate) vary_header: bool,
+    pub(crate) block_on_origin_mismatch: bool,
 }
 
 static EMPTY_ORIGIN_SET: Lazy<HashSet<HeaderValue>> = Lazy::new(HashSet::new);
 
 impl Inner {
-    pub(crate) fn validate_origin(&self, req: &RequestHead) -> Result<(), CorsError> {
+    /// The bool returned in Ok(_) position indicates whether the `Access-Control-Allow-Origin`
+    /// header should be added to the response or not.
+    pub(crate) fn validate_origin(&self, req: &RequestHead) -> Result<bool, CorsError> {
         // return early if all origins are allowed or get ref to allowed origins set
         #[allow(clippy::mutable_key_type)]
         let allowed_origins = match &self.allowed_origins {
-            AllOrSome::All if self.allowed_origins_fns.is_empty() => return Ok(()),
+            AllOrSome::All if self.allowed_origins_fns.is_empty() => return Ok(true),
             AllOrSome::Some(allowed_origins) => allowed_origins,
             // only function origin validators are defined
             _ => &EMPTY_ORIGIN_SET,
@@ -475,9 +483,11 @@
             // origin header exists and is a string
             Some(origin) => {
                 if allowed_origins.contains(origin) || self.validate_origin_fns(origin, req) {
-                    Ok(())
-                } else {
+                    Ok(true)
+                } else if self.block_on_origin_mismatch {
                     Err(CorsError::OriginNotAllowed)
+                } else {
+                    Ok(false)
                 }
             }
 
diff --git a/src/actix_cors/middleware.rs.html b/src/actix_cors/middleware.rs.html
index fcb914b19..5a4e967e2 100644
--- a/src/actix_cors/middleware.rs.html
+++ b/src/actix_cors/middleware.rs.html
@@ -263,6 +263,19 @@
 261
 262
 263
+264
+265
+266
+267
+268
+269
+270
+271
+272
+273
+274
+275
+276
 
    use std::{collections::HashSet, rc::Rc};
 
 use actix_utils::future::ok;
@@ -281,7 +294,7 @@
 use crate::{
     builder::intersperse_header_values,
     inner::{add_vary_header, header_value_try_into_method},
-    AllOrSome, Inner,
+    AllOrSome, CorsError, Inner,
 };
 
 /// Service wrapper for Cross-Origin Resource Sharing support.
@@ -325,9 +338,14 @@
     fn handle_preflight(&self, req: ServiceRequest) -> ServiceResponse {
         let inner = Rc::clone(&self.inner);
 
+        match inner.validate_origin(req.head()) {
+            Ok(true) => {}
+            Ok(false) => return req.error_response(CorsError::OriginNotAllowed),
+            Err(err) => return req.error_response(err),
+        };
+
         if let Err(err) = inner
-            .validate_origin(req.head())
-            .and_then(|_| inner.validate_allowed_method(req.head()))
+            .validate_allowed_method(req.head())
             .and_then(|_| inner.validate_allowed_headers(req.head()))
         {
             return req.error_response(err);
@@ -373,11 +391,17 @@
         req.into_response(res)
     }
 
-    fn augment_response<B>(inner: &Inner, mut res: ServiceResponse<B>) -> ServiceResponse<B> {
-        if let Some(origin) = inner.access_control_allow_origin(res.request().head()) {
-            res.headers_mut()
-                .insert(header::ACCESS_CONTROL_ALLOW_ORIGIN, origin);
-        };
+    fn augment_response<B>(
+        inner: &Inner,
+        origin_allowed: bool,
+        mut res: ServiceResponse<B>,
+    ) -> ServiceResponse<B> {
+        if origin_allowed {
+            if let Some(origin) = inner.access_control_allow_origin(res.request().head()) {
+                res.headers_mut()
+                    .insert(header::ACCESS_CONTROL_ALLOW_ORIGIN, origin);
+            };
+        }
 
         if let Some(ref expose) = inner.expose_headers_baked {
             log::trace!("exposing selected headers: {:?}", expose);
@@ -447,8 +471,10 @@
         }
 
         // only check actual requests with a origin header
-        if origin.is_some() {
-            if let Err(err) = self.inner.validate_origin(req.head()) {
+        let origin_allowed = match (origin, self.inner.validate_origin(req.head())) {
+            (None, _) => false,
+            (_, Ok(origin_allowed)) => origin_allowed,
+            (_, Err(err)) => {
                 debug!("origin validation failed; inner service is not called");
                 let mut res = req.error_response(err);
 
@@ -458,14 +484,14 @@
 
                 return ok(res.map_into_right_body()).boxed_local();
             }
-        }
+        };
 
         let inner = Rc::clone(&self.inner);
         let fut = self.service.call(req);
 
         Box::pin(async move {
             let res = fut.await;
-            Ok(Self::augment_response(&inner, res?).map_into_left_body())
+            Ok(Self::augment_response(&inner, origin_allowed, res?).map_into_left_body())
         })
     }
 }