actix/actix-extras
1
0
Fork 0
mirror of https://github.com/actix/actix-extras.git synced 2025-09-02 13:06:38 +02:00
Code Issues Releases Wiki Activity
Files
258efbfa7558595f965b487747f8efa0fb684dff
actix-extras/src/actix_cors/inner.rs.html
github-merge-queue[bot] 258efbfa75 Deploying to gh-pages from @ actix/actix-extras@2f30fd71a9 🚀
2023-12-06 14:01:24 +00:00

815 lines
40 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `actix-cors/src/inner.rs`."><title>inner.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/SourceSerif4-Regular-46f98efaafac5295.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/FiraSans-Regular-018c141bf0843ffd.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/FiraSans-Medium-8f9a781e4970d388.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/SourceCodePro-Regular-562dcc5011b6de7d.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/SourceCodePro-Semibold-d899c5a5c4aeb14a.ttf.woff2"><link rel="stylesheet" href="../../static.files/normalize-76eba96aa4d2e634.css"><link rel="stylesheet" href="../../static.files/rustdoc-c67e44d78ab2db17.css"><meta name="rustdoc-vars" data-root-path="../../" data-static-root-path="../../static.files/" data-current-crate="actix_cors" data-themes="" data-resource-suffix="" data-rustdoc-version="1.76.0-nightly (e9013ac0e 2023-12-05)" data-channel="nightly" data-search-js="search-5a66c239c06b3a66.js" data-settings-js="settings-fe03fdc259827cd2.js" ><script src="../../static.files/storage-fec3eaa3851e447d.js"></script><script defer src="../../static.files/src-script-3280b574d94e47b4.js"></script><script defer src="../../src-files.js"></script><script defer src="../../static.files/main-77dede896d6ac08e.js"></script><noscript><link rel="stylesheet" href="../../static.files/noscript-5d8b3c7633ad77ba.css"></noscript><link rel="icon" href="https://actix.rs/favicon.ico"></head><body class="rustdoc src"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"></nav><main><nav class="sub"><a class="sub-logo-container" href="../../actix_cors/index.html"><img src="https://actix.rs/img/logo.png" alt="actix_cors"></a><form class="search-form"><span></span><input class="search-input" name="search" aria-label="Run search in the documentation" autocomplete="off" spellcheck="false" placeholder="Click or press S to search, ? for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../static.files/wheel-7b819b6101059cd0.svg"></a></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><div data-nosnippet><pre class="src-line-numbers"><a href="#1" id="1">1</a>
<a href="#2" id="2">2</a>
<a href="#3" id="3">3</a>
<a href="#4" id="4">4</a>
<a href="#5" id="5">5</a>
<a href="#6" id="6">6</a>
<a href="#7" id="7">7</a>
<a href="#8" id="8">8</a>
<a href="#9" id="9">9</a>
<a href="#10" id="10">10</a>
<a href="#11" id="11">11</a>
<a href="#12" id="12">12</a>
<a href="#13" id="13">13</a>
<a href="#14" id="14">14</a>
<a href="#15" id="15">15</a>
<a href="#16" id="16">16</a>
<a href="#17" id="17">17</a>
<a href="#18" id="18">18</a>
<a href="#19" id="19">19</a>
<a href="#20" id="20">20</a>
<a href="#21" id="21">21</a>
<a href="#22" id="22">22</a>
<a href="#23" id="23">23</a>
<a href="#24" id="24">24</a>
<a href="#25" id="25">25</a>
<a href="#26" id="26">26</a>
<a href="#27" id="27">27</a>
<a href="#28" id="28">28</a>
<a href="#29" id="29">29</a>
<a href="#30" id="30">30</a>
<a href="#31" id="31">31</a>
<a href="#32" id="32">32</a>
<a href="#33" id="33">33</a>
<a href="#34" id="34">34</a>
<a href="#35" id="35">35</a>
<a href="#36" id="36">36</a>
<a href="#37" id="37">37</a>
<a href="#38" id="38">38</a>
<a href="#39" id="39">39</a>
<a href="#40" id="40">40</a>
<a href="#41" id="41">41</a>
<a href="#42" id="42">42</a>
<a href="#43" id="43">43</a>
<a href="#44" id="44">44</a>
<a href="#45" id="45">45</a>
<a href="#46" id="46">46</a>
<a href="#47" id="47">47</a>
<a href="#48" id="48">48</a>
<a href="#49" id="49">49</a>
<a href="#50" id="50">50</a>
<a href="#51" id="51">51</a>
<a href="#52" id="52">52</a>
<a href="#53" id="53">53</a>
<a href="#54" id="54">54</a>
<a href="#55" id="55">55</a>
<a href="#56" id="56">56</a>
<a href="#57" id="57">57</a>
<a href="#58" id="58">58</a>
<a href="#59" id="59">59</a>
<a href="#60" id="60">60</a>
<a href="#61" id="61">61</a>
<a href="#62" id="62">62</a>
<a href="#63" id="63">63</a>
<a href="#64" id="64">64</a>
<a href="#65" id="65">65</a>
<a href="#66" id="66">66</a>
<a href="#67" id="67">67</a>
<a href="#68" id="68">68</a>
<a href="#69" id="69">69</a>
<a href="#70" id="70">70</a>
<a href="#71" id="71">71</a>
<a href="#72" id="72">72</a>
<a href="#73" id="73">73</a>
<a href="#74" id="74">74</a>
<a href="#75" id="75">75</a>
<a href="#76" id="76">76</a>
<a href="#77" id="77">77</a>
<a href="#78" id="78">78</a>
<a href="#79" id="79">79</a>
<a href="#80" id="80">80</a>
<a href="#81" id="81">81</a>
<a href="#82" id="82">82</a>
<a href="#83" id="83">83</a>
<a href="#84" id="84">84</a>
<a href="#85" id="85">85</a>
<a href="#86" id="86">86</a>
<a href="#87" id="87">87</a>
<a href="#88" id="88">88</a>
<a href="#89" id="89">89</a>
<a href="#90" id="90">90</a>
<a href="#91" id="91">91</a>
<a href="#92" id="92">92</a>
<a href="#93" id="93">93</a>
<a href="#94" id="94">94</a>
<a href="#95" id="95">95</a>
<a href="#96" id="96">96</a>
<a href="#97" id="97">97</a>
<a href="#98" id="98">98</a>
<a href="#99" id="99">99</a>
<a href="#100" id="100">100</a>
<a href="#101" id="101">101</a>
<a href="#102" id="102">102</a>
<a href="#103" id="103">103</a>
<a href="#104" id="104">104</a>
<a href="#105" id="105">105</a>
<a href="#106" id="106">106</a>
<a href="#107" id="107">107</a>
<a href="#108" id="108">108</a>
<a href="#109" id="109">109</a>
<a href="#110" id="110">110</a>
<a href="#111" id="111">111</a>
<a href="#112" id="112">112</a>
<a href="#113" id="113">113</a>
<a href="#114" id="114">114</a>
<a href="#115" id="115">115</a>
<a href="#116" id="116">116</a>
<a href="#117" id="117">117</a>
<a href="#118" id="118">118</a>
<a href="#119" id="119">119</a>
<a href="#120" id="120">120</a>
<a href="#121" id="121">121</a>
<a href="#122" id="122">122</a>
<a href="#123" id="123">123</a>
<a href="#124" id="124">124</a>
<a href="#125" id="125">125</a>
<a href="#126" id="126">126</a>
<a href="#127" id="127">127</a>
<a href="#128" id="128">128</a>
<a href="#129" id="129">129</a>
<a href="#130" id="130">130</a>
<a href="#131" id="131">131</a>
<a href="#132" id="132">132</a>
<a href="#133" id="133">133</a>
<a href="#134" id="134">134</a>
<a href="#135" id="135">135</a>
<a href="#136" id="136">136</a>
<a href="#137" id="137">137</a>
<a href="#138" id="138">138</a>
<a href="#139" id="139">139</a>
<a href="#140" id="140">140</a>
<a href="#141" id="141">141</a>
<a href="#142" id="142">142</a>
<a href="#143" id="143">143</a>
<a href="#144" id="144">144</a>
<a href="#145" id="145">145</a>
<a href="#146" id="146">146</a>
<a href="#147" id="147">147</a>
<a href="#148" id="148">148</a>
<a href="#149" id="149">149</a>
<a href="#150" id="150">150</a>
<a href="#151" id="151">151</a>
<a href="#152" id="152">152</a>
<a href="#153" id="153">153</a>
<a href="#154" id="154">154</a>
<a href="#155" id="155">155</a>
<a href="#156" id="156">156</a>
<a href="#157" id="157">157</a>
<a href="#158" id="158">158</a>
<a href="#159" id="159">159</a>
<a href="#160" id="160">160</a>
<a href="#161" id="161">161</a>
<a href="#162" id="162">162</a>
<a href="#163" id="163">163</a>
<a href="#164" id="164">164</a>
<a href="#165" id="165">165</a>
<a href="#166" id="166">166</a>
<a href="#167" id="167">167</a>
<a href="#168" id="168">168</a>
<a href="#169" id="169">169</a>
<a href="#170" id="170">170</a>
<a href="#171" id="171">171</a>
<a href="#172" id="172">172</a>
<a href="#173" id="173">173</a>
<a href="#174" id="174">174</a>
<a href="#175" id="175">175</a>
<a href="#176" id="176">176</a>
<a href="#177" id="177">177</a>
<a href="#178" id="178">178</a>
<a href="#179" id="179">179</a>
<a href="#180" id="180">180</a>
<a href="#181" id="181">181</a>
<a href="#182" id="182">182</a>
<a href="#183" id="183">183</a>
<a href="#184" id="184">184</a>
<a href="#185" id="185">185</a>
<a href="#186" id="186">186</a>
<a href="#187" id="187">187</a>
<a href="#188" id="188">188</a>
<a href="#189" id="189">189</a>
<a href="#190" id="190">190</a>
<a href="#191" id="191">191</a>
<a href="#192" id="192">192</a>
<a href="#193" id="193">193</a>
<a href="#194" id="194">194</a>
<a href="#195" id="195">195</a>
<a href="#196" id="196">196</a>
<a href="#197" id="197">197</a>
<a href="#198" id="198">198</a>
<a href="#199" id="199">199</a>
<a href="#200" id="200">200</a>
<a href="#201" id="201">201</a>
<a href="#202" id="202">202</a>
<a href="#203" id="203">203</a>
<a href="#204" id="204">204</a>
<a href="#205" id="205">205</a>
<a href="#206" id="206">206</a>
<a href="#207" id="207">207</a>
<a href="#208" id="208">208</a>
<a href="#209" id="209">209</a>
<a href="#210" id="210">210</a>
<a href="#211" id="211">211</a>
<a href="#212" id="212">212</a>
<a href="#213" id="213">213</a>
<a href="#214" id="214">214</a>
<a href="#215" id="215">215</a>
<a href="#216" id="216">216</a>
<a href="#217" id="217">217</a>
<a href="#218" id="218">218</a>
<a href="#219" id="219">219</a>
<a href="#220" id="220">220</a>
<a href="#221" id="221">221</a>
<a href="#222" id="222">222</a>
<a href="#223" id="223">223</a>
<a href="#224" id="224">224</a>
<a href="#225" id="225">225</a>
<a href="#226" id="226">226</a>
<a href="#227" id="227">227</a>
<a href="#228" id="228">228</a>
<a href="#229" id="229">229</a>
<a href="#230" id="230">230</a>
<a href="#231" id="231">231</a>
<a href="#232" id="232">232</a>
<a href="#233" id="233">233</a>
<a href="#234" id="234">234</a>
<a href="#235" id="235">235</a>
<a href="#236" id="236">236</a>
<a href="#237" id="237">237</a>
<a href="#238" id="238">238</a>
<a href="#239" id="239">239</a>
<a href="#240" id="240">240</a>
<a href="#241" id="241">241</a>
<a href="#242" id="242">242</a>
<a href="#243" id="243">243</a>
<a href="#244" id="244">244</a>
<a href="#245" id="245">245</a>
<a href="#246" id="246">246</a>
<a href="#247" id="247">247</a>
<a href="#248" id="248">248</a>
<a href="#249" id="249">249</a>
<a href="#250" id="250">250</a>
<a href="#251" id="251">251</a>
<a href="#252" id="252">252</a>
<a href="#253" id="253">253</a>
<a href="#254" id="254">254</a>
<a href="#255" id="255">255</a>
<a href="#256" id="256">256</a>
<a href="#257" id="257">257</a>
<a href="#258" id="258">258</a>
<a href="#259" id="259">259</a>
<a href="#260" id="260">260</a>
<a href="#261" id="261">261</a>
<a href="#262" id="262">262</a>
<a href="#263" id="263">263</a>
<a href="#264" id="264">264</a>
<a href="#265" id="265">265</a>
<a href="#266" id="266">266</a>
<a href="#267" id="267">267</a>
<a href="#268" id="268">268</a>
<a href="#269" id="269">269</a>
<a href="#270" id="270">270</a>
<a href="#271" id="271">271</a>
<a href="#272" id="272">272</a>
<a href="#273" id="273">273</a>
<a href="#274" id="274">274</a>
<a href="#275" id="275">275</a>
<a href="#276" id="276">276</a>
<a href="#277" id="277">277</a>
<a href="#278" id="278">278</a>
<a href="#279" id="279">279</a>
<a href="#280" id="280">280</a>
<a href="#281" id="281">281</a>
<a href="#282" id="282">282</a>
<a href="#283" id="283">283</a>
<a href="#284" id="284">284</a>
<a href="#285" id="285">285</a>
<a href="#286" id="286">286</a>
<a href="#287" id="287">287</a>
<a href="#288" id="288">288</a>
<a href="#289" id="289">289</a>
<a href="#290" id="290">290</a>
<a href="#291" id="291">291</a>
<a href="#292" id="292">292</a>
<a href="#293" id="293">293</a>
<a href="#294" id="294">294</a>
<a href="#295" id="295">295</a>
<a href="#296" id="296">296</a>
<a href="#297" id="297">297</a>
<a href="#298" id="298">298</a>
<a href="#299" id="299">299</a>
<a href="#300" id="300">300</a>
<a href="#301" id="301">301</a>
<a href="#302" id="302">302</a>
<a href="#303" id="303">303</a>
<a href="#304" id="304">304</a>
<a href="#305" id="305">305</a>
<a href="#306" id="306">306</a>
<a href="#307" id="307">307</a>
<a href="#308" id="308">308</a>
<a href="#309" id="309">309</a>
<a href="#310" id="310">310</a>
<a href="#311" id="311">311</a>
<a href="#312" id="312">312</a>
<a href="#313" id="313">313</a>
<a href="#314" id="314">314</a>
<a href="#315" id="315">315</a>
<a href="#316" id="316">316</a>
<a href="#317" id="317">317</a>
<a href="#318" id="318">318</a>
<a href="#319" id="319">319</a>
<a href="#320" id="320">320</a>
<a href="#321" id="321">321</a>
<a href="#322" id="322">322</a>
<a href="#323" id="323">323</a>
<a href="#324" id="324">324</a>
<a href="#325" id="325">325</a>
<a href="#326" id="326">326</a>
<a href="#327" id="327">327</a>
<a href="#328" id="328">328</a>
<a href="#329" id="329">329</a>
<a href="#330" id="330">330</a>
<a href="#331" id="331">331</a>
<a href="#332" id="332">332</a>
<a href="#333" id="333">333</a>
<a href="#334" id="334">334</a>
<a href="#335" id="335">335</a>
<a href="#336" id="336">336</a>
<a href="#337" id="337">337</a>
<a href="#338" id="338">338</a>
<a href="#339" id="339">339</a>
<a href="#340" id="340">340</a>
<a href="#341" id="341">341</a>
<a href="#342" id="342">342</a>
<a href="#343" id="343">343</a>
<a href="#344" id="344">344</a>
<a href="#345" id="345">345</a>
<a href="#346" id="346">346</a>
<a href="#347" id="347">347</a>
<a href="#348" id="348">348</a>
<a href="#349" id="349">349</a>
<a href="#350" id="350">350</a>
<a href="#351" id="351">351</a>
<a href="#352" id="352">352</a>
<a href="#353" id="353">353</a>
<a href="#354" id="354">354</a>
<a href="#355" id="355">355</a>
<a href="#356" id="356">356</a>
<a href="#357" id="357">357</a>
<a href="#358" id="358">358</a>
<a href="#359" id="359">359</a>
<a href="#360" id="360">360</a>
<a href="#361" id="361">361</a>
<a href="#362" id="362">362</a>
<a href="#363" id="363">363</a>
<a href="#364" id="364">364</a>
<a href="#365" id="365">365</a>
<a href="#366" id="366">366</a>
<a href="#367" id="367">367</a>
<a href="#368" id="368">368</a>
<a href="#369" id="369">369</a>
<a href="#370" id="370">370</a>
<a href="#371" id="371">371</a>
<a href="#372" id="372">372</a>
<a href="#373" id="373">373</a>
<a href="#374" id="374">374</a>
<a href="#375" id="375">375</a>
<a href="#376" id="376">376</a>
<a href="#377" id="377">377</a>
<a href="#378" id="378">378</a>
<a href="#379" id="379">379</a>
<a href="#380" id="380">380</a>
<a href="#381" id="381">381</a>
<a href="#382" id="382">382</a>
<a href="#383" id="383">383</a>
<a href="#384" id="384">384</a>
<a href="#385" id="385">385</a>
<a href="#386" id="386">386</a>
<a href="#387" id="387">387</a>
<a href="#388" id="388">388</a>
<a href="#389" id="389">389</a>
<a href="#390" id="390">390</a>
<a href="#391" id="391">391</a>
<a href="#392" id="392">392</a>
<a href="#393" id="393">393</a>
<a href="#394" id="394">394</a>
<a href="#395" id="395">395</a>
<a href="#396" id="396">396</a>
<a href="#397" id="397">397</a>
<a href="#398" id="398">398</a>
<a href="#399" id="399">399</a>
<a href="#400" id="400">400</a>
<a href="#401" id="401">401</a>
<a href="#402" id="402">402</a>
<a href="#403" id="403">403</a>
<a href="#404" id="404">404</a>
<a href="#405" id="405">405</a>
<a href="#406" id="406">406</a>
<a href="#407" id="407">407</a>
</pre></div><pre class="rust"><code><span class="kw">use </span>std::{
collections::HashSet,
convert::{TryFrom, TryInto},
fmt,
rc::Rc,
};
<span class="kw">use </span>actix_web::{
dev::RequestHead,
error::Result,
http::{
header::{<span class="self">self</span>, HeaderMap, HeaderName, HeaderValue},
Method,
},
};
<span class="kw">use </span>once_cell::sync::Lazy;
<span class="kw">use </span>smallvec::SmallVec;
<span class="kw">use crate</span>::{AllOrSome, CorsError};
<span class="attr">#[derive(Clone)]
</span><span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">struct </span>OriginFn {
<span class="attr">#[allow(clippy::type_complexity)]
</span><span class="kw">pub</span>(<span class="kw">crate</span>) boxed_fn: Rc&lt;<span class="kw">dyn </span>Fn(<span class="kw-2">&amp;</span>HeaderValue, <span class="kw-2">&amp;</span>RequestHead) -&gt; bool&gt;,
}
<span class="kw">impl </span>Default <span class="kw">for </span>OriginFn {
<span class="doccomment">/// Dummy default for use in tiny_vec. Do not use.
</span><span class="kw">fn </span>default() -&gt; <span class="self">Self </span>{
<span class="kw">let </span>boxed_fn: Rc&lt;<span class="kw">dyn </span>Fn(<span class="kw-2">&amp;</span><span class="kw">_</span>, <span class="kw-2">&amp;</span><span class="kw">_</span>) -&gt; <span class="kw">_</span>&gt; = Rc::new(|_origin, _req_head| <span class="bool-val">false</span>);
<span class="self">Self </span>{ boxed_fn }
}
}
<span class="kw">impl </span>fmt::Debug <span class="kw">for </span>OriginFn {
<span class="kw">fn </span>fmt(<span class="kw-2">&amp;</span><span class="self">self</span>, f: <span class="kw-2">&amp;mut </span>fmt::Formatter&lt;<span class="lifetime">'_</span>&gt;) -&gt; fmt::Result {
f.write_str(<span class="string">"origin_fn"</span>)
}
}
<span class="doccomment">/// Try to parse header value as HTTP method.
</span><span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>header_value_try_into_method(hdr: <span class="kw-2">&amp;</span>HeaderValue) -&gt; <span class="prelude-ty">Option</span>&lt;Method&gt; {
hdr.to_str()
.ok()
.and_then(|meth| Method::try_from(meth).ok())
}
<span class="attr">#[derive(Debug, Clone)]
</span><span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">struct </span>Inner {
<span class="kw">pub</span>(<span class="kw">crate</span>) allowed_origins: AllOrSome&lt;HashSet&lt;HeaderValue&gt;&gt;,
<span class="kw">pub</span>(<span class="kw">crate</span>) allowed_origins_fns: SmallVec&lt;[OriginFn; <span class="number">4</span>]&gt;,
<span class="kw">pub</span>(<span class="kw">crate</span>) allowed_methods: HashSet&lt;Method&gt;,
<span class="kw">pub</span>(<span class="kw">crate</span>) allowed_methods_baked: <span class="prelude-ty">Option</span>&lt;HeaderValue&gt;,
<span class="kw">pub</span>(<span class="kw">crate</span>) allowed_headers: AllOrSome&lt;HashSet&lt;HeaderName&gt;&gt;,
<span class="kw">pub</span>(<span class="kw">crate</span>) allowed_headers_baked: <span class="prelude-ty">Option</span>&lt;HeaderValue&gt;,
<span class="doccomment">/// `All` will echo back `Access-Control-Request-Header` list.
</span><span class="kw">pub</span>(<span class="kw">crate</span>) expose_headers: AllOrSome&lt;HashSet&lt;HeaderName&gt;&gt;,
<span class="kw">pub</span>(<span class="kw">crate</span>) expose_headers_baked: <span class="prelude-ty">Option</span>&lt;HeaderValue&gt;,
<span class="kw">pub</span>(<span class="kw">crate</span>) max_age: <span class="prelude-ty">Option</span>&lt;usize&gt;,
<span class="kw">pub</span>(<span class="kw">crate</span>) preflight: bool,
<span class="kw">pub</span>(<span class="kw">crate</span>) send_wildcard: bool,
<span class="kw">pub</span>(<span class="kw">crate</span>) supports_credentials: bool,
<span class="attr">#[cfg(feature = <span class="string">"draft-private-network-access"</span>)]
</span><span class="kw">pub</span>(<span class="kw">crate</span>) allow_private_network_access: bool,
<span class="kw">pub</span>(<span class="kw">crate</span>) vary_header: bool,
<span class="kw">pub</span>(<span class="kw">crate</span>) block_on_origin_mismatch: bool,
}
<span class="kw">static </span>EMPTY_ORIGIN_SET: Lazy&lt;HashSet&lt;HeaderValue&gt;&gt; = Lazy::new(HashSet::new);
<span class="kw">impl </span>Inner {
<span class="doccomment">/// The bool returned in Ok(_) position indicates whether the `Access-Control-Allow-Origin`
/// header should be added to the response or not.
</span><span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>validate_origin(<span class="kw-2">&amp;</span><span class="self">self</span>, req: <span class="kw-2">&amp;</span>RequestHead) -&gt; <span class="prelude-ty">Result</span>&lt;bool, CorsError&gt; {
<span class="comment">// return early if all origins are allowed or get ref to allowed origins set
</span><span class="attr">#[allow(clippy::mutable_key_type)]
</span><span class="kw">let </span>allowed_origins = <span class="kw">match </span><span class="kw-2">&amp;</span><span class="self">self</span>.allowed_origins {
AllOrSome::All <span class="kw">if </span><span class="self">self</span>.allowed_origins_fns.is_empty() =&gt; <span class="kw">return </span><span class="prelude-val">Ok</span>(<span class="bool-val">true</span>),
AllOrSome::Some(allowed_origins) =&gt; allowed_origins,
<span class="comment">// only function origin validators are defined
</span><span class="kw">_ </span>=&gt; <span class="kw-2">&amp;</span>EMPTY_ORIGIN_SET,
};
<span class="comment">// get origin header and try to parse as string
</span><span class="kw">match </span>req.headers().get(header::ORIGIN) {
<span class="comment">// origin header exists and is a string
</span><span class="prelude-val">Some</span>(origin) =&gt; {
<span class="kw">if </span>allowed_origins.contains(origin) || <span class="self">self</span>.validate_origin_fns(origin, req) {
<span class="prelude-val">Ok</span>(<span class="bool-val">true</span>)
} <span class="kw">else if </span><span class="self">self</span>.block_on_origin_mismatch {
<span class="prelude-val">Err</span>(CorsError::OriginNotAllowed)
} <span class="kw">else </span>{
<span class="prelude-val">Ok</span>(<span class="bool-val">false</span>)
}
}
<span class="comment">// origin header is missing
// note: with our implementation, the origin header is required for OPTIONS request or
// else this would be unreachable
</span><span class="prelude-val">None </span>=&gt; <span class="prelude-val">Err</span>(CorsError::MissingOrigin),
}
}
<span class="doccomment">/// Accepts origin if _ANY_ functions return true. Only called when Origin exists.
</span><span class="kw">fn </span>validate_origin_fns(<span class="kw-2">&amp;</span><span class="self">self</span>, origin: <span class="kw-2">&amp;</span>HeaderValue, req: <span class="kw-2">&amp;</span>RequestHead) -&gt; bool {
<span class="self">self</span>.allowed_origins_fns
.iter()
.any(|origin_fn| (origin_fn.boxed_fn)(origin, req))
}
<span class="doccomment">/// Only called if origin exists and always after it's validated.
</span><span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>access_control_allow_origin(<span class="kw-2">&amp;</span><span class="self">self</span>, req: <span class="kw-2">&amp;</span>RequestHead) -&gt; <span class="prelude-ty">Option</span>&lt;HeaderValue&gt; {
<span class="kw">let </span>origin = req.headers().get(header::ORIGIN);
<span class="kw">match </span><span class="self">self</span>.allowed_origins {
AllOrSome::All =&gt; {
<span class="kw">if </span><span class="self">self</span>.send_wildcard {
<span class="prelude-val">Some</span>(HeaderValue::from_static(<span class="string">"*"</span>))
} <span class="kw">else </span>{
<span class="comment">// see note below about why `.cloned()` is correct
</span>origin.cloned()
}
}
AllOrSome::Some(<span class="kw">_</span>) =&gt; {
<span class="comment">// since origin (if it exists) is known to be allowed if this method is called
// then cloning the option is all that is required to be used as an echoed back
// header value (or omitted if None)
</span>origin.cloned()
}
}
}
<span class="doccomment">/// Use in preflight checks and therefore operates on header list in
/// `Access-Control-Request-Headers` not the actual header set.
</span><span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>validate_allowed_method(<span class="kw-2">&amp;</span><span class="self">self</span>, req: <span class="kw-2">&amp;</span>RequestHead) -&gt; <span class="prelude-ty">Result</span>&lt;(), CorsError&gt; {
<span class="comment">// extract access control header and try to parse as method
</span><span class="kw">let </span>request_method = req
.headers()
.get(header::ACCESS_CONTROL_REQUEST_METHOD)
.map(header_value_try_into_method);
<span class="kw">match </span>request_method {
<span class="comment">// method valid and allowed
</span><span class="prelude-val">Some</span>(<span class="prelude-val">Some</span>(method)) <span class="kw">if </span><span class="self">self</span>.allowed_methods.contains(<span class="kw-2">&amp;</span>method) =&gt; <span class="prelude-val">Ok</span>(()),
<span class="comment">// method valid but not allowed
</span><span class="prelude-val">Some</span>(<span class="prelude-val">Some</span>(<span class="kw">_</span>)) =&gt; <span class="prelude-val">Err</span>(CorsError::MethodNotAllowed),
<span class="comment">// method invalid
</span><span class="prelude-val">Some</span>(<span class="kw">_</span>) =&gt; <span class="prelude-val">Err</span>(CorsError::BadRequestMethod),
<span class="comment">// method missing so this is not a preflight request
</span><span class="prelude-val">None </span>=&gt; <span class="prelude-val">Err</span>(CorsError::MissingRequestMethod),
}
}
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>validate_allowed_headers(<span class="kw-2">&amp;</span><span class="self">self</span>, req: <span class="kw-2">&amp;</span>RequestHead) -&gt; <span class="prelude-ty">Result</span>&lt;(), CorsError&gt; {
<span class="comment">// return early if all headers are allowed or get ref to allowed origins set
</span><span class="attr">#[allow(clippy::mutable_key_type)]
</span><span class="kw">let </span>allowed_headers = <span class="kw">match </span><span class="kw-2">&amp;</span><span class="self">self</span>.allowed_headers {
AllOrSome::All =&gt; <span class="kw">return </span><span class="prelude-val">Ok</span>(()),
AllOrSome::Some(allowed_headers) =&gt; allowed_headers,
};
<span class="comment">// extract access control header as string
// header format should be comma separated header names
</span><span class="kw">let </span>request_headers = req
.headers()
.get(header::ACCESS_CONTROL_REQUEST_HEADERS)
.map(|hdr| hdr.to_str());
<span class="kw">match </span>request_headers {
<span class="comment">// header list is valid string
</span><span class="prelude-val">Some</span>(<span class="prelude-val">Ok</span>(headers)) =&gt; {
<span class="comment">// the set is ephemeral we take care not to mutate the
// inserted keys so this lint exception is acceptable
</span><span class="attr">#[allow(clippy::mutable_key_type)]
</span><span class="kw">let </span><span class="kw-2">mut </span>request_headers = HashSet::with_capacity(<span class="number">8</span>);
<span class="comment">// try to convert each header name in the comma-separated list
</span><span class="kw">for </span>hdr <span class="kw">in </span>headers.split(<span class="string">','</span>) {
<span class="kw">match </span>hdr.trim().try_into() {
<span class="prelude-val">Ok</span>(hdr) =&gt; request_headers.insert(hdr),
<span class="prelude-val">Err</span>(<span class="kw">_</span>) =&gt; <span class="kw">return </span><span class="prelude-val">Err</span>(CorsError::BadRequestHeaders),
};
}
<span class="comment">// header list must contain 1 or more header name
</span><span class="kw">if </span>request_headers.is_empty() {
<span class="kw">return </span><span class="prelude-val">Err</span>(CorsError::BadRequestHeaders);
}
<span class="comment">// request header list must be a subset of allowed headers
</span><span class="kw">if </span>!request_headers.is_subset(allowed_headers) {
<span class="kw">return </span><span class="prelude-val">Err</span>(CorsError::HeadersNotAllowed);
}
<span class="prelude-val">Ok</span>(())
}
<span class="comment">// header list is not a string
</span><span class="prelude-val">Some</span>(<span class="prelude-val">Err</span>(<span class="kw">_</span>)) =&gt; <span class="prelude-val">Err</span>(CorsError::BadRequestHeaders),
<span class="comment">// header list missing
</span><span class="prelude-val">None </span>=&gt; <span class="prelude-val">Ok</span>(()),
}
}
}
<span class="doccomment">/// Add CORS related request headers to response's Vary header.
///
/// See &lt;https://fetch.spec.whatwg.org/#cors-protocol-and-http-caches&gt;.
</span><span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>add_vary_header(headers: <span class="kw-2">&amp;mut </span>HeaderMap) {
<span class="kw">let </span>value = <span class="kw">match </span>headers.get(header::VARY) {
<span class="prelude-val">Some</span>(hdr) =&gt; {
<span class="kw">let </span><span class="kw-2">mut </span>val: Vec&lt;u8&gt; = Vec::with_capacity(hdr.len() + <span class="number">71</span>);
val.extend(hdr.as_bytes());
val.extend(<span class="string">b", Origin, Access-Control-Request-Method, Access-Control-Request-Headers"</span>);
<span class="attr">#[cfg(feature = <span class="string">"draft-private-network-access"</span>)]
</span>val.extend(<span class="string">b", Access-Control-Request-Private-Network"</span>);
val.try_into().unwrap()
}
<span class="attr">#[cfg(feature = <span class="string">"draft-private-network-access"</span>)]
</span><span class="prelude-val">None </span>=&gt; HeaderValue::from_static(
<span class="string">"Origin, Access-Control-Request-Method, Access-Control-Request-Headers, \
Access-Control-Request-Private-Network"</span>,
),
<span class="attr">#[cfg(not(feature = <span class="string">"draft-private-network-access"</span>))]
</span><span class="prelude-val">None </span>=&gt; HeaderValue::from_static(
<span class="string">"Origin, Access-Control-Request-Method, Access-Control-Request-Headers"</span>,
),
};
headers.insert(header::VARY, value);
}
<span class="attr">#[cfg(test)]
</span><span class="kw">mod </span>test {
<span class="kw">use </span>std::rc::Rc;
<span class="kw">use </span>actix_web::{
dev::Transform,
http::{
header::{<span class="self">self</span>, HeaderValue},
Method, StatusCode,
},
test::{<span class="self">self</span>, TestRequest},
};
<span class="kw">use </span><span class="kw">crate</span>::Cors;
<span class="kw">fn </span>val_as_str(val: <span class="kw-2">&amp;</span>HeaderValue) -&gt; <span class="kw-2">&amp;</span>str {
val.to_str().unwrap()
}
<span class="attr">#[actix_web::test]
</span><span class="kw">async fn </span>test_validate_not_allowed_origin() {
<span class="kw">let </span>cors = Cors::default()
.allowed_origin(<span class="string">"https://www.example.com"</span>)
.new_transform(test::ok_service())
.<span class="kw">await
</span>.unwrap();
<span class="kw">let </span>req = TestRequest::get()
.insert_header((header::ORIGIN, <span class="string">"https://www.unknown.com"</span>))
.insert_header((header::ACCESS_CONTROL_REQUEST_HEADERS, <span class="string">"DNT"</span>))
.to_srv_request();
<span class="macro">assert!</span>(cors.inner.validate_origin(req.head()).is_err());
<span class="macro">assert!</span>(cors.inner.validate_allowed_method(req.head()).is_err());
<span class="macro">assert!</span>(cors.inner.validate_allowed_headers(req.head()).is_err());
}
<span class="attr">#[actix_web::test]
</span><span class="kw">async fn </span>test_preflight() {
<span class="kw">let </span><span class="kw-2">mut </span>cors = Cors::default()
.allow_any_origin()
.send_wildcard()
.max_age(<span class="number">3600</span>)
.allowed_methods(<span class="macro">vec!</span>[Method::GET, Method::OPTIONS, Method::POST])
.allowed_headers(<span class="macro">vec!</span>[header::AUTHORIZATION, header::ACCEPT])
.allowed_header(header::CONTENT_TYPE)
.new_transform(test::ok_service())
.<span class="kw">await
</span>.unwrap();
<span class="kw">let </span>req = TestRequest::default()
.method(Method::OPTIONS)
.insert_header((<span class="string">"Origin"</span>, <span class="string">"https://www.example.com"</span>))
.insert_header((header::ACCESS_CONTROL_REQUEST_HEADERS, <span class="string">"X-Not-Allowed"</span>))
.to_srv_request();
<span class="macro">assert!</span>(cors.inner.validate_allowed_method(req.head()).is_err());
<span class="macro">assert!</span>(cors.inner.validate_allowed_headers(req.head()).is_err());
<span class="kw">let </span>resp = test::call_service(<span class="kw-2">&amp;</span>cors, req).<span class="kw">await</span>;
<span class="macro">assert_eq!</span>(resp.status(), StatusCode::OK);
<span class="kw">let </span>req = TestRequest::default()
.method(Method::OPTIONS)
.insert_header((<span class="string">"Origin"</span>, <span class="string">"https://www.example.com"</span>))
.insert_header((header::ACCESS_CONTROL_REQUEST_METHOD, <span class="string">"put"</span>))
.to_srv_request();
<span class="macro">assert!</span>(cors.inner.validate_allowed_method(req.head()).is_err());
<span class="macro">assert!</span>(cors.inner.validate_allowed_headers(req.head()).is_ok());
<span class="kw">let </span>req = TestRequest::default()
.method(Method::OPTIONS)
.insert_header((<span class="string">"Origin"</span>, <span class="string">"https://www.example.com"</span>))
.insert_header((header::ACCESS_CONTROL_REQUEST_METHOD, <span class="string">"POST"</span>))
.insert_header((
header::ACCESS_CONTROL_REQUEST_HEADERS,
<span class="string">"AUTHORIZATION,ACCEPT"</span>,
))
.to_srv_request();
<span class="kw">let </span>resp = test::call_service(<span class="kw-2">&amp;</span>cors, req).<span class="kw">await</span>;
<span class="macro">assert_eq!</span>(
<span class="prelude-val">Some</span>(<span class="kw-2">&amp;</span><span class="string">b"*"</span>[..]),
resp.headers()
.get(header::ACCESS_CONTROL_ALLOW_ORIGIN)
.map(HeaderValue::as_bytes)
);
<span class="macro">assert_eq!</span>(
<span class="prelude-val">Some</span>(<span class="kw-2">&amp;</span><span class="string">b"3600"</span>[..]),
resp.headers()
.get(header::ACCESS_CONTROL_MAX_AGE)
.map(HeaderValue::as_bytes)
);
<span class="kw">let </span>hdr = resp
.headers()
.get(header::ACCESS_CONTROL_ALLOW_HEADERS)
.map(val_as_str)
.unwrap();
<span class="macro">assert!</span>(hdr.contains(<span class="string">"authorization"</span>));
<span class="macro">assert!</span>(hdr.contains(<span class="string">"accept"</span>));
<span class="macro">assert!</span>(hdr.contains(<span class="string">"content-type"</span>));
<span class="kw">let </span>methods = resp
.headers()
.get(header::ACCESS_CONTROL_ALLOW_METHODS)
.unwrap()
.to_str()
.unwrap();
<span class="macro">assert!</span>(methods.contains(<span class="string">"POST"</span>));
<span class="macro">assert!</span>(methods.contains(<span class="string">"GET"</span>));
<span class="macro">assert!</span>(methods.contains(<span class="string">"OPTIONS"</span>));
Rc::get_mut(<span class="kw-2">&amp;mut </span>cors.inner).unwrap().preflight = <span class="bool-val">false</span>;
<span class="kw">let </span>req = TestRequest::default()
.method(Method::OPTIONS)
.insert_header((<span class="string">"Origin"</span>, <span class="string">"https://www.example.com"</span>))
.insert_header((header::ACCESS_CONTROL_REQUEST_METHOD, <span class="string">"POST"</span>))
.insert_header((
header::ACCESS_CONTROL_REQUEST_HEADERS,
<span class="string">"AUTHORIZATION,ACCEPT"</span>,
))
.to_srv_request();
<span class="kw">let </span>resp = test::call_service(<span class="kw-2">&amp;</span>cors, req).<span class="kw">await</span>;
<span class="macro">assert_eq!</span>(resp.status(), StatusCode::OK);
}
<span class="attr">#[actix_web::test]
</span><span class="kw">async fn </span>allow_fn_origin_equals_head_origin() {
<span class="kw">let </span>cors = Cors::default()
.allowed_origin_fn(|origin, head| {
<span class="kw">let </span>head_origin = head
.headers()
.get(header::ORIGIN)
.expect(<span class="string">"unwrapping origin header should never fail in allowed_origin_fn"</span>);
<span class="macro">assert!</span>(origin == head_origin);
<span class="bool-val">true
</span>})
.allow_any_method()
.allow_any_header()
.new_transform(test::status_service(StatusCode::NO_CONTENT))
.<span class="kw">await
</span>.unwrap();
<span class="kw">let </span>req = TestRequest::default()
.method(Method::OPTIONS)
.insert_header((<span class="string">"Origin"</span>, <span class="string">"https://www.example.com"</span>))
.insert_header((header::ACCESS_CONTROL_REQUEST_METHOD, <span class="string">"POST"</span>))
.to_srv_request();
<span class="kw">let </span>resp = test::call_service(<span class="kw-2">&amp;</span>cors, req).<span class="kw">await</span>;
<span class="macro">assert_eq!</span>(resp.status(), StatusCode::OK);
<span class="kw">let </span>req = TestRequest::default()
.method(Method::GET)
.insert_header((<span class="string">"Origin"</span>, <span class="string">"https://www.example.com"</span>))
.to_srv_request();
<span class="kw">let </span>resp = test::call_service(<span class="kw-2">&amp;</span>cors, req).<span class="kw">await</span>;
<span class="macro">assert_eq!</span>(resp.status(), StatusCode::NO_CONTENT);
}
}
</code></pre></div></section></main></body></html>
Reference in New Issue View Git Blame Copy Permalink