1
0
mirror of https://github.com/actix/actix-extras.git synced 2024-11-23 15:51:06 +01:00
actix-extras/actix-cors
John Vandenberg 48646d1bd3
build(deps): update derive_more to v1.0 (#458)
* build(deps): update derive_more to v1.0

* chore: remove overspecified deps

* chore: use from the derive module

* chore: restore unrelated version reqs

---------

Co-authored-by: Rob Ede <robjtede@icloud.com>
2024-08-18 14:21:56 +00:00
..
examples Add block_on_origin_mismatch option to middleware (#287) 2022-09-21 23:22:20 +00:00
src build(deps): update derive_more to v1.0 (#458) 2024-08-18 14:21:56 +00:00
tests fix!(cors): default block_on_origin_mismatch to false (#379) 2024-01-06 20:40:44 +00:00
Cargo.toml build(deps): update derive_more to v1.0 (#458) 2024-08-18 14:21:56 +00:00
CHANGES.md chore(actix-cors): prepare release 0.7.0 2024-01-06 21:13:26 +00:00
LICENSE-APACHE Move cors middleware to actix-cors crate 2019-06-15 09:34:16 +06:00
LICENSE-MIT Move cors middleware to actix-cors crate 2019-06-15 09:34:16 +06:00
README.md doc(actix-cors): update MSRV (#395) 2024-01-31 16:18:13 +00:00

actix-cors

crates.io Documentation Version MIT or Apache 2.0 licensed
Dependency Status Download Chat on Discord

Cross-Origin Resource Sharing (CORS) controls for Actix Web.

This middleware can be applied to both applications and resources. Once built, a [Cors] builder can be used as an argument for Actix Web's App::wrap(), Scope::wrap(), or Resource::wrap() methods.

This CORS middleware automatically handles OPTIONS preflight requests.

Crate Features

  • draft-private-network-access: ⚠️ Unstable. Adds opt-in support for the Private Network Access spec extensions. This feature is unstable since it will follow breaking changes in the draft spec until it is finalized.

Example

use actix_cors::Cors;
use actix_web::{get, http, web, App, HttpRequest, HttpResponse, HttpServer};

#[get("/index.html")]
async fn index(req: HttpRequest) -> &'static str {
    "<p>Hello World!</p>"
}

#[actix_web::main]
async fn main() -> std::io::Result<()> {
    HttpServer::new(|| {
        let cors = Cors::default()
            .allowed_origin("https://www.rust-lang.org")
            .allowed_origin_fn(|origin, _req_head| {
                origin.as_bytes().ends_with(b".rust-lang.org")
            })
            .allowed_methods(vec!["GET", "POST"])
            .allowed_headers(vec![http::header::AUTHORIZATION, http::header::ACCEPT])
            .allowed_header(http::header::CONTENT_TYPE)
            .max_age(3600);

        App::new()
            .wrap(cors)
            .service(index)
    })
    .bind(("127.0.0.1", 8080))?
    .run()
    .await;

    Ok(())
}

Documentation & Resources