actix/actix-extras
1
0
Fork 0
mirror of https://github.com/actix/actix-extras.git synced 2025-09-02 13:06:38 +02:00
Code Issues Releases Wiki Activity
Files
c9ec312fad1fec81504f607e9b16c2c9c8b3a3b6
actix-extras/src/actix_cors/builder.rs.html
github-merge-queue[bot] c9ec312fad Deploying to gh-pages from @ actix/actix-extras@cd3e5f9772 🚀
2023-09-25 15:31:37 +00:00

1369 lines
60 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `actix-cors/src/builder.rs`."><title>builder.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/SourceSerif4-Regular-46f98efaafac5295.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/FiraSans-Regular-018c141bf0843ffd.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/FiraSans-Medium-8f9a781e4970d388.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/SourceCodePro-Regular-562dcc5011b6de7d.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/SourceSerif4-Bold-a2c9cd1067f8b328.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/SourceCodePro-Semibold-d899c5a5c4aeb14a.ttf.woff2"><link rel="stylesheet" href="../../static.files/normalize-76eba96aa4d2e634.css"><link rel="stylesheet" href="../../static.files/rustdoc-fa3bb1812debf86c.css"><meta name="rustdoc-vars" data-root-path="../../" data-static-root-path="../../static.files/" data-current-crate="actix_cors" data-themes="" data-resource-suffix="" data-rustdoc-version="1.74.0-nightly (37390d656 2023-09-24)" data-channel="nightly" data-search-js="search-8be46b629f5f14a8.js" data-settings-js="settings-74424d7eec62a23e.js" ><script src="../../static.files/storage-fec3eaa3851e447d.js"></script><script defer src="../../static.files/src-script-3280b574d94e47b4.js"></script><script defer src="../../src-files.js"></script><script defer src="../../static.files/main-c5bd66d33317d69f.js"></script><noscript><link rel="stylesheet" href="../../static.files/noscript-5d8b3c7633ad77ba.css"></noscript><link rel="icon" href="https://actix.rs/favicon.ico"></head><body class="rustdoc src"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"></nav><main><nav class="sub"><a class="sub-logo-container" href="../../actix_cors/index.html"><img src="https://actix.rs/img/logo.png" alt="logo"></a><form class="search-form"><span></span><input class="search-input" name="search" aria-label="Run search in the documentation" autocomplete="off" spellcheck="false" placeholder="Click or press S to search, ? for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../static.files/wheel-7b819b6101059cd0.svg"></a></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><div data-nosnippet><pre class="src-line-numbers"><a href="#1" id="1">1</a>
<a href="#2" id="2">2</a>
<a href="#3" id="3">3</a>
<a href="#4" id="4">4</a>
<a href="#5" id="5">5</a>
<a href="#6" id="6">6</a>
<a href="#7" id="7">7</a>
<a href="#8" id="8">8</a>
<a href="#9" id="9">9</a>
<a href="#10" id="10">10</a>
<a href="#11" id="11">11</a>
<a href="#12" id="12">12</a>
<a href="#13" id="13">13</a>
<a href="#14" id="14">14</a>
<a href="#15" id="15">15</a>
<a href="#16" id="16">16</a>
<a href="#17" id="17">17</a>
<a href="#18" id="18">18</a>
<a href="#19" id="19">19</a>
<a href="#20" id="20">20</a>
<a href="#21" id="21">21</a>
<a href="#22" id="22">22</a>
<a href="#23" id="23">23</a>
<a href="#24" id="24">24</a>
<a href="#25" id="25">25</a>
<a href="#26" id="26">26</a>
<a href="#27" id="27">27</a>
<a href="#28" id="28">28</a>
<a href="#29" id="29">29</a>
<a href="#30" id="30">30</a>
<a href="#31" id="31">31</a>
<a href="#32" id="32">32</a>
<a href="#33" id="33">33</a>
<a href="#34" id="34">34</a>
<a href="#35" id="35">35</a>
<a href="#36" id="36">36</a>
<a href="#37" id="37">37</a>
<a href="#38" id="38">38</a>
<a href="#39" id="39">39</a>
<a href="#40" id="40">40</a>
<a href="#41" id="41">41</a>
<a href="#42" id="42">42</a>
<a href="#43" id="43">43</a>
<a href="#44" id="44">44</a>
<a href="#45" id="45">45</a>
<a href="#46" id="46">46</a>
<a href="#47" id="47">47</a>
<a href="#48" id="48">48</a>
<a href="#49" id="49">49</a>
<a href="#50" id="50">50</a>
<a href="#51" id="51">51</a>
<a href="#52" id="52">52</a>
<a href="#53" id="53">53</a>
<a href="#54" id="54">54</a>
<a href="#55" id="55">55</a>
<a href="#56" id="56">56</a>
<a href="#57" id="57">57</a>
<a href="#58" id="58">58</a>
<a href="#59" id="59">59</a>
<a href="#60" id="60">60</a>
<a href="#61" id="61">61</a>
<a href="#62" id="62">62</a>
<a href="#63" id="63">63</a>
<a href="#64" id="64">64</a>
<a href="#65" id="65">65</a>
<a href="#66" id="66">66</a>
<a href="#67" id="67">67</a>
<a href="#68" id="68">68</a>
<a href="#69" id="69">69</a>
<a href="#70" id="70">70</a>
<a href="#71" id="71">71</a>
<a href="#72" id="72">72</a>
<a href="#73" id="73">73</a>
<a href="#74" id="74">74</a>
<a href="#75" id="75">75</a>
<a href="#76" id="76">76</a>
<a href="#77" id="77">77</a>
<a href="#78" id="78">78</a>
<a href="#79" id="79">79</a>
<a href="#80" id="80">80</a>
<a href="#81" id="81">81</a>
<a href="#82" id="82">82</a>
<a href="#83" id="83">83</a>
<a href="#84" id="84">84</a>
<a href="#85" id="85">85</a>
<a href="#86" id="86">86</a>
<a href="#87" id="87">87</a>
<a href="#88" id="88">88</a>
<a href="#89" id="89">89</a>
<a href="#90" id="90">90</a>
<a href="#91" id="91">91</a>
<a href="#92" id="92">92</a>
<a href="#93" id="93">93</a>
<a href="#94" id="94">94</a>
<a href="#95" id="95">95</a>
<a href="#96" id="96">96</a>
<a href="#97" id="97">97</a>
<a href="#98" id="98">98</a>
<a href="#99" id="99">99</a>
<a href="#100" id="100">100</a>
<a href="#101" id="101">101</a>
<a href="#102" id="102">102</a>
<a href="#103" id="103">103</a>
<a href="#104" id="104">104</a>
<a href="#105" id="105">105</a>
<a href="#106" id="106">106</a>
<a href="#107" id="107">107</a>
<a href="#108" id="108">108</a>
<a href="#109" id="109">109</a>
<a href="#110" id="110">110</a>
<a href="#111" id="111">111</a>
<a href="#112" id="112">112</a>
<a href="#113" id="113">113</a>
<a href="#114" id="114">114</a>
<a href="#115" id="115">115</a>
<a href="#116" id="116">116</a>
<a href="#117" id="117">117</a>
<a href="#118" id="118">118</a>
<a href="#119" id="119">119</a>
<a href="#120" id="120">120</a>
<a href="#121" id="121">121</a>
<a href="#122" id="122">122</a>
<a href="#123" id="123">123</a>
<a href="#124" id="124">124</a>
<a href="#125" id="125">125</a>
<a href="#126" id="126">126</a>
<a href="#127" id="127">127</a>
<a href="#128" id="128">128</a>
<a href="#129" id="129">129</a>
<a href="#130" id="130">130</a>
<a href="#131" id="131">131</a>
<a href="#132" id="132">132</a>
<a href="#133" id="133">133</a>
<a href="#134" id="134">134</a>
<a href="#135" id="135">135</a>
<a href="#136" id="136">136</a>
<a href="#137" id="137">137</a>
<a href="#138" id="138">138</a>
<a href="#139" id="139">139</a>
<a href="#140" id="140">140</a>
<a href="#141" id="141">141</a>
<a href="#142" id="142">142</a>
<a href="#143" id="143">143</a>
<a href="#144" id="144">144</a>
<a href="#145" id="145">145</a>
<a href="#146" id="146">146</a>
<a href="#147" id="147">147</a>
<a href="#148" id="148">148</a>
<a href="#149" id="149">149</a>
<a href="#150" id="150">150</a>
<a href="#151" id="151">151</a>
<a href="#152" id="152">152</a>
<a href="#153" id="153">153</a>
<a href="#154" id="154">154</a>
<a href="#155" id="155">155</a>
<a href="#156" id="156">156</a>
<a href="#157" id="157">157</a>
<a href="#158" id="158">158</a>
<a href="#159" id="159">159</a>
<a href="#160" id="160">160</a>
<a href="#161" id="161">161</a>
<a href="#162" id="162">162</a>
<a href="#163" id="163">163</a>
<a href="#164" id="164">164</a>
<a href="#165" id="165">165</a>
<a href="#166" id="166">166</a>
<a href="#167" id="167">167</a>
<a href="#168" id="168">168</a>
<a href="#169" id="169">169</a>
<a href="#170" id="170">170</a>
<a href="#171" id="171">171</a>
<a href="#172" id="172">172</a>
<a href="#173" id="173">173</a>
<a href="#174" id="174">174</a>
<a href="#175" id="175">175</a>
<a href="#176" id="176">176</a>
<a href="#177" id="177">177</a>
<a href="#178" id="178">178</a>
<a href="#179" id="179">179</a>
<a href="#180" id="180">180</a>
<a href="#181" id="181">181</a>
<a href="#182" id="182">182</a>
<a href="#183" id="183">183</a>
<a href="#184" id="184">184</a>
<a href="#185" id="185">185</a>
<a href="#186" id="186">186</a>
<a href="#187" id="187">187</a>
<a href="#188" id="188">188</a>
<a href="#189" id="189">189</a>
<a href="#190" id="190">190</a>
<a href="#191" id="191">191</a>
<a href="#192" id="192">192</a>
<a href="#193" id="193">193</a>
<a href="#194" id="194">194</a>
<a href="#195" id="195">195</a>
<a href="#196" id="196">196</a>
<a href="#197" id="197">197</a>
<a href="#198" id="198">198</a>
<a href="#199" id="199">199</a>
<a href="#200" id="200">200</a>
<a href="#201" id="201">201</a>
<a href="#202" id="202">202</a>
<a href="#203" id="203">203</a>
<a href="#204" id="204">204</a>
<a href="#205" id="205">205</a>
<a href="#206" id="206">206</a>
<a href="#207" id="207">207</a>
<a href="#208" id="208">208</a>
<a href="#209" id="209">209</a>
<a href="#210" id="210">210</a>
<a href="#211" id="211">211</a>
<a href="#212" id="212">212</a>
<a href="#213" id="213">213</a>
<a href="#214" id="214">214</a>
<a href="#215" id="215">215</a>
<a href="#216" id="216">216</a>
<a href="#217" id="217">217</a>
<a href="#218" id="218">218</a>
<a href="#219" id="219">219</a>
<a href="#220" id="220">220</a>
<a href="#221" id="221">221</a>
<a href="#222" id="222">222</a>
<a href="#223" id="223">223</a>
<a href="#224" id="224">224</a>
<a href="#225" id="225">225</a>
<a href="#226" id="226">226</a>
<a href="#227" id="227">227</a>
<a href="#228" id="228">228</a>
<a href="#229" id="229">229</a>
<a href="#230" id="230">230</a>
<a href="#231" id="231">231</a>
<a href="#232" id="232">232</a>
<a href="#233" id="233">233</a>
<a href="#234" id="234">234</a>
<a href="#235" id="235">235</a>
<a href="#236" id="236">236</a>
<a href="#237" id="237">237</a>
<a href="#238" id="238">238</a>
<a href="#239" id="239">239</a>
<a href="#240" id="240">240</a>
<a href="#241" id="241">241</a>
<a href="#242" id="242">242</a>
<a href="#243" id="243">243</a>
<a href="#244" id="244">244</a>
<a href="#245" id="245">245</a>
<a href="#246" id="246">246</a>
<a href="#247" id="247">247</a>
<a href="#248" id="248">248</a>
<a href="#249" id="249">249</a>
<a href="#250" id="250">250</a>
<a href="#251" id="251">251</a>
<a href="#252" id="252">252</a>
<a href="#253" id="253">253</a>
<a href="#254" id="254">254</a>
<a href="#255" id="255">255</a>
<a href="#256" id="256">256</a>
<a href="#257" id="257">257</a>
<a href="#258" id="258">258</a>
<a href="#259" id="259">259</a>
<a href="#260" id="260">260</a>
<a href="#261" id="261">261</a>
<a href="#262" id="262">262</a>
<a href="#263" id="263">263</a>
<a href="#264" id="264">264</a>
<a href="#265" id="265">265</a>
<a href="#266" id="266">266</a>
<a href="#267" id="267">267</a>
<a href="#268" id="268">268</a>
<a href="#269" id="269">269</a>
<a href="#270" id="270">270</a>
<a href="#271" id="271">271</a>
<a href="#272" id="272">272</a>
<a href="#273" id="273">273</a>
<a href="#274" id="274">274</a>
<a href="#275" id="275">275</a>
<a href="#276" id="276">276</a>
<a href="#277" id="277">277</a>
<a href="#278" id="278">278</a>
<a href="#279" id="279">279</a>
<a href="#280" id="280">280</a>
<a href="#281" id="281">281</a>
<a href="#282" id="282">282</a>
<a href="#283" id="283">283</a>
<a href="#284" id="284">284</a>
<a href="#285" id="285">285</a>
<a href="#286" id="286">286</a>
<a href="#287" id="287">287</a>
<a href="#288" id="288">288</a>
<a href="#289" id="289">289</a>
<a href="#290" id="290">290</a>
<a href="#291" id="291">291</a>
<a href="#292" id="292">292</a>
<a href="#293" id="293">293</a>
<a href="#294" id="294">294</a>
<a href="#295" id="295">295</a>
<a href="#296" id="296">296</a>
<a href="#297" id="297">297</a>
<a href="#298" id="298">298</a>
<a href="#299" id="299">299</a>
<a href="#300" id="300">300</a>
<a href="#301" id="301">301</a>
<a href="#302" id="302">302</a>
<a href="#303" id="303">303</a>
<a href="#304" id="304">304</a>
<a href="#305" id="305">305</a>
<a href="#306" id="306">306</a>
<a href="#307" id="307">307</a>
<a href="#308" id="308">308</a>
<a href="#309" id="309">309</a>
<a href="#310" id="310">310</a>
<a href="#311" id="311">311</a>
<a href="#312" id="312">312</a>
<a href="#313" id="313">313</a>
<a href="#314" id="314">314</a>
<a href="#315" id="315">315</a>
<a href="#316" id="316">316</a>
<a href="#317" id="317">317</a>
<a href="#318" id="318">318</a>
<a href="#319" id="319">319</a>
<a href="#320" id="320">320</a>
<a href="#321" id="321">321</a>
<a href="#322" id="322">322</a>
<a href="#323" id="323">323</a>
<a href="#324" id="324">324</a>
<a href="#325" id="325">325</a>
<a href="#326" id="326">326</a>
<a href="#327" id="327">327</a>
<a href="#328" id="328">328</a>
<a href="#329" id="329">329</a>
<a href="#330" id="330">330</a>
<a href="#331" id="331">331</a>
<a href="#332" id="332">332</a>
<a href="#333" id="333">333</a>
<a href="#334" id="334">334</a>
<a href="#335" id="335">335</a>
<a href="#336" id="336">336</a>
<a href="#337" id="337">337</a>
<a href="#338" id="338">338</a>
<a href="#339" id="339">339</a>
<a href="#340" id="340">340</a>
<a href="#341" id="341">341</a>
<a href="#342" id="342">342</a>
<a href="#343" id="343">343</a>
<a href="#344" id="344">344</a>
<a href="#345" id="345">345</a>
<a href="#346" id="346">346</a>
<a href="#347" id="347">347</a>
<a href="#348" id="348">348</a>
<a href="#349" id="349">349</a>
<a href="#350" id="350">350</a>
<a href="#351" id="351">351</a>
<a href="#352" id="352">352</a>
<a href="#353" id="353">353</a>
<a href="#354" id="354">354</a>
<a href="#355" id="355">355</a>
<a href="#356" id="356">356</a>
<a href="#357" id="357">357</a>
<a href="#358" id="358">358</a>
<a href="#359" id="359">359</a>
<a href="#360" id="360">360</a>
<a href="#361" id="361">361</a>
<a href="#362" id="362">362</a>
<a href="#363" id="363">363</a>
<a href="#364" id="364">364</a>
<a href="#365" id="365">365</a>
<a href="#366" id="366">366</a>
<a href="#367" id="367">367</a>
<a href="#368" id="368">368</a>
<a href="#369" id="369">369</a>
<a href="#370" id="370">370</a>
<a href="#371" id="371">371</a>
<a href="#372" id="372">372</a>
<a href="#373" id="373">373</a>
<a href="#374" id="374">374</a>
<a href="#375" id="375">375</a>
<a href="#376" id="376">376</a>
<a href="#377" id="377">377</a>
<a href="#378" id="378">378</a>
<a href="#379" id="379">379</a>
<a href="#380" id="380">380</a>
<a href="#381" id="381">381</a>
<a href="#382" id="382">382</a>
<a href="#383" id="383">383</a>
<a href="#384" id="384">384</a>
<a href="#385" id="385">385</a>
<a href="#386" id="386">386</a>
<a href="#387" id="387">387</a>
<a href="#388" id="388">388</a>
<a href="#389" id="389">389</a>
<a href="#390" id="390">390</a>
<a href="#391" id="391">391</a>
<a href="#392" id="392">392</a>
<a href="#393" id="393">393</a>
<a href="#394" id="394">394</a>
<a href="#395" id="395">395</a>
<a href="#396" id="396">396</a>
<a href="#397" id="397">397</a>
<a href="#398" id="398">398</a>
<a href="#399" id="399">399</a>
<a href="#400" id="400">400</a>
<a href="#401" id="401">401</a>
<a href="#402" id="402">402</a>
<a href="#403" id="403">403</a>
<a href="#404" id="404">404</a>
<a href="#405" id="405">405</a>
<a href="#406" id="406">406</a>
<a href="#407" id="407">407</a>
<a href="#408" id="408">408</a>
<a href="#409" id="409">409</a>
<a href="#410" id="410">410</a>
<a href="#411" id="411">411</a>
<a href="#412" id="412">412</a>
<a href="#413" id="413">413</a>
<a href="#414" id="414">414</a>
<a href="#415" id="415">415</a>
<a href="#416" id="416">416</a>
<a href="#417" id="417">417</a>
<a href="#418" id="418">418</a>
<a href="#419" id="419">419</a>
<a href="#420" id="420">420</a>
<a href="#421" id="421">421</a>
<a href="#422" id="422">422</a>
<a href="#423" id="423">423</a>
<a href="#424" id="424">424</a>
<a href="#425" id="425">425</a>
<a href="#426" id="426">426</a>
<a href="#427" id="427">427</a>
<a href="#428" id="428">428</a>
<a href="#429" id="429">429</a>
<a href="#430" id="430">430</a>
<a href="#431" id="431">431</a>
<a href="#432" id="432">432</a>
<a href="#433" id="433">433</a>
<a href="#434" id="434">434</a>
<a href="#435" id="435">435</a>
<a href="#436" id="436">436</a>
<a href="#437" id="437">437</a>
<a href="#438" id="438">438</a>
<a href="#439" id="439">439</a>
<a href="#440" id="440">440</a>
<a href="#441" id="441">441</a>
<a href="#442" id="442">442</a>
<a href="#443" id="443">443</a>
<a href="#444" id="444">444</a>
<a href="#445" id="445">445</a>
<a href="#446" id="446">446</a>
<a href="#447" id="447">447</a>
<a href="#448" id="448">448</a>
<a href="#449" id="449">449</a>
<a href="#450" id="450">450</a>
<a href="#451" id="451">451</a>
<a href="#452" id="452">452</a>
<a href="#453" id="453">453</a>
<a href="#454" id="454">454</a>
<a href="#455" id="455">455</a>
<a href="#456" id="456">456</a>
<a href="#457" id="457">457</a>
<a href="#458" id="458">458</a>
<a href="#459" id="459">459</a>
<a href="#460" id="460">460</a>
<a href="#461" id="461">461</a>
<a href="#462" id="462">462</a>
<a href="#463" id="463">463</a>
<a href="#464" id="464">464</a>
<a href="#465" id="465">465</a>
<a href="#466" id="466">466</a>
<a href="#467" id="467">467</a>
<a href="#468" id="468">468</a>
<a href="#469" id="469">469</a>
<a href="#470" id="470">470</a>
<a href="#471" id="471">471</a>
<a href="#472" id="472">472</a>
<a href="#473" id="473">473</a>
<a href="#474" id="474">474</a>
<a href="#475" id="475">475</a>
<a href="#476" id="476">476</a>
<a href="#477" id="477">477</a>
<a href="#478" id="478">478</a>
<a href="#479" id="479">479</a>
<a href="#480" id="480">480</a>
<a href="#481" id="481">481</a>
<a href="#482" id="482">482</a>
<a href="#483" id="483">483</a>
<a href="#484" id="484">484</a>
<a href="#485" id="485">485</a>
<a href="#486" id="486">486</a>
<a href="#487" id="487">487</a>
<a href="#488" id="488">488</a>
<a href="#489" id="489">489</a>
<a href="#490" id="490">490</a>
<a href="#491" id="491">491</a>
<a href="#492" id="492">492</a>
<a href="#493" id="493">493</a>
<a href="#494" id="494">494</a>
<a href="#495" id="495">495</a>
<a href="#496" id="496">496</a>
<a href="#497" id="497">497</a>
<a href="#498" id="498">498</a>
<a href="#499" id="499">499</a>
<a href="#500" id="500">500</a>
<a href="#501" id="501">501</a>
<a href="#502" id="502">502</a>
<a href="#503" id="503">503</a>
<a href="#504" id="504">504</a>
<a href="#505" id="505">505</a>
<a href="#506" id="506">506</a>
<a href="#507" id="507">507</a>
<a href="#508" id="508">508</a>
<a href="#509" id="509">509</a>
<a href="#510" id="510">510</a>
<a href="#511" id="511">511</a>
<a href="#512" id="512">512</a>
<a href="#513" id="513">513</a>
<a href="#514" id="514">514</a>
<a href="#515" id="515">515</a>
<a href="#516" id="516">516</a>
<a href="#517" id="517">517</a>
<a href="#518" id="518">518</a>
<a href="#519" id="519">519</a>
<a href="#520" id="520">520</a>
<a href="#521" id="521">521</a>
<a href="#522" id="522">522</a>
<a href="#523" id="523">523</a>
<a href="#524" id="524">524</a>
<a href="#525" id="525">525</a>
<a href="#526" id="526">526</a>
<a href="#527" id="527">527</a>
<a href="#528" id="528">528</a>
<a href="#529" id="529">529</a>
<a href="#530" id="530">530</a>
<a href="#531" id="531">531</a>
<a href="#532" id="532">532</a>
<a href="#533" id="533">533</a>
<a href="#534" id="534">534</a>
<a href="#535" id="535">535</a>
<a href="#536" id="536">536</a>
<a href="#537" id="537">537</a>
<a href="#538" id="538">538</a>
<a href="#539" id="539">539</a>
<a href="#540" id="540">540</a>
<a href="#541" id="541">541</a>
<a href="#542" id="542">542</a>
<a href="#543" id="543">543</a>
<a href="#544" id="544">544</a>
<a href="#545" id="545">545</a>
<a href="#546" id="546">546</a>
<a href="#547" id="547">547</a>
<a href="#548" id="548">548</a>
<a href="#549" id="549">549</a>
<a href="#550" id="550">550</a>
<a href="#551" id="551">551</a>
<a href="#552" id="552">552</a>
<a href="#553" id="553">553</a>
<a href="#554" id="554">554</a>
<a href="#555" id="555">555</a>
<a href="#556" id="556">556</a>
<a href="#557" id="557">557</a>
<a href="#558" id="558">558</a>
<a href="#559" id="559">559</a>
<a href="#560" id="560">560</a>
<a href="#561" id="561">561</a>
<a href="#562" id="562">562</a>
<a href="#563" id="563">563</a>
<a href="#564" id="564">564</a>
<a href="#565" id="565">565</a>
<a href="#566" id="566">566</a>
<a href="#567" id="567">567</a>
<a href="#568" id="568">568</a>
<a href="#569" id="569">569</a>
<a href="#570" id="570">570</a>
<a href="#571" id="571">571</a>
<a href="#572" id="572">572</a>
<a href="#573" id="573">573</a>
<a href="#574" id="574">574</a>
<a href="#575" id="575">575</a>
<a href="#576" id="576">576</a>
<a href="#577" id="577">577</a>
<a href="#578" id="578">578</a>
<a href="#579" id="579">579</a>
<a href="#580" id="580">580</a>
<a href="#581" id="581">581</a>
<a href="#582" id="582">582</a>
<a href="#583" id="583">583</a>
<a href="#584" id="584">584</a>
<a href="#585" id="585">585</a>
<a href="#586" id="586">586</a>
<a href="#587" id="587">587</a>
<a href="#588" id="588">588</a>
<a href="#589" id="589">589</a>
<a href="#590" id="590">590</a>
<a href="#591" id="591">591</a>
<a href="#592" id="592">592</a>
<a href="#593" id="593">593</a>
<a href="#594" id="594">594</a>
<a href="#595" id="595">595</a>
<a href="#596" id="596">596</a>
<a href="#597" id="597">597</a>
<a href="#598" id="598">598</a>
<a href="#599" id="599">599</a>
<a href="#600" id="600">600</a>
<a href="#601" id="601">601</a>
<a href="#602" id="602">602</a>
<a href="#603" id="603">603</a>
<a href="#604" id="604">604</a>
<a href="#605" id="605">605</a>
<a href="#606" id="606">606</a>
<a href="#607" id="607">607</a>
<a href="#608" id="608">608</a>
<a href="#609" id="609">609</a>
<a href="#610" id="610">610</a>
<a href="#611" id="611">611</a>
<a href="#612" id="612">612</a>
<a href="#613" id="613">613</a>
<a href="#614" id="614">614</a>
<a href="#615" id="615">615</a>
<a href="#616" id="616">616</a>
<a href="#617" id="617">617</a>
<a href="#618" id="618">618</a>
<a href="#619" id="619">619</a>
<a href="#620" id="620">620</a>
<a href="#621" id="621">621</a>
<a href="#622" id="622">622</a>
<a href="#623" id="623">623</a>
<a href="#624" id="624">624</a>
<a href="#625" id="625">625</a>
<a href="#626" id="626">626</a>
<a href="#627" id="627">627</a>
<a href="#628" id="628">628</a>
<a href="#629" id="629">629</a>
<a href="#630" id="630">630</a>
<a href="#631" id="631">631</a>
<a href="#632" id="632">632</a>
<a href="#633" id="633">633</a>
<a href="#634" id="634">634</a>
<a href="#635" id="635">635</a>
<a href="#636" id="636">636</a>
<a href="#637" id="637">637</a>
<a href="#638" id="638">638</a>
<a href="#639" id="639">639</a>
<a href="#640" id="640">640</a>
<a href="#641" id="641">641</a>
<a href="#642" id="642">642</a>
<a href="#643" id="643">643</a>
<a href="#644" id="644">644</a>
<a href="#645" id="645">645</a>
<a href="#646" id="646">646</a>
<a href="#647" id="647">647</a>
<a href="#648" id="648">648</a>
<a href="#649" id="649">649</a>
<a href="#650" id="650">650</a>
<a href="#651" id="651">651</a>
<a href="#652" id="652">652</a>
<a href="#653" id="653">653</a>
<a href="#654" id="654">654</a>
<a href="#655" id="655">655</a>
<a href="#656" id="656">656</a>
<a href="#657" id="657">657</a>
<a href="#658" id="658">658</a>
<a href="#659" id="659">659</a>
<a href="#660" id="660">660</a>
<a href="#661" id="661">661</a>
<a href="#662" id="662">662</a>
<a href="#663" id="663">663</a>
<a href="#664" id="664">664</a>
<a href="#665" id="665">665</a>
<a href="#666" id="666">666</a>
<a href="#667" id="667">667</a>
<a href="#668" id="668">668</a>
<a href="#669" id="669">669</a>
<a href="#670" id="670">670</a>
<a href="#671" id="671">671</a>
<a href="#672" id="672">672</a>
<a href="#673" id="673">673</a>
<a href="#674" id="674">674</a>
<a href="#675" id="675">675</a>
<a href="#676" id="676">676</a>
<a href="#677" id="677">677</a>
<a href="#678" id="678">678</a>
<a href="#679" id="679">679</a>
<a href="#680" id="680">680</a>
<a href="#681" id="681">681</a>
<a href="#682" id="682">682</a>
<a href="#683" id="683">683</a>
<a href="#684" id="684">684</a>
</pre></div><pre class="rust"><code><span class="kw">use </span>std::{collections::HashSet, convert::TryInto, iter::FromIterator, rc::Rc};
<span class="kw">use </span>actix_utils::future::{<span class="self">self</span>, Ready};
<span class="kw">use </span>actix_web::{
body::{EitherBody, MessageBody},
dev::{RequestHead, Service, ServiceRequest, ServiceResponse, Transform},
error::HttpError,
http::{
header::{HeaderName, HeaderValue},
Method, Uri,
},
Either, Error, <span class="prelude-ty">Result</span>,
};
<span class="kw">use </span>log::error;
<span class="kw">use </span>once_cell::sync::Lazy;
<span class="kw">use </span>smallvec::smallvec;
<span class="kw">use crate</span>::{AllOrSome, CorsError, CorsMiddleware, Inner, OriginFn};
<span class="doccomment">/// Convenience for getting mut refs to inner. Cleaner than `Rc::get_mut`.
/// Additionally, always causes first error (if any) to be reported during initialization.
</span><span class="kw">fn </span>cors&lt;<span class="lifetime">&#39;a</span>&gt;(
inner: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span><span class="kw-2">mut </span>Rc&lt;Inner&gt;,
err: <span class="kw-2">&amp;</span><span class="prelude-ty">Option</span>&lt;Either&lt;HttpError, CorsError&gt;&gt;,
) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span><span class="kw-2">mut </span>Inner&gt; {
<span class="kw">if </span>err.is_some() {
<span class="kw">return </span><span class="prelude-val">None</span>;
}
Rc::get_mut(inner)
}
<span class="kw">static </span>ALL_METHODS_SET: Lazy&lt;HashSet&lt;Method&gt;&gt; = Lazy::new(|| {
HashSet::from_iter(<span class="macro">vec!</span>[
Method::GET,
Method::POST,
Method::PUT,
Method::DELETE,
Method::HEAD,
Method::OPTIONS,
Method::CONNECT,
Method::PATCH,
Method::TRACE,
])
});
<span class="doccomment">/// Builder for CORS middleware.
///
/// To construct a CORS middleware, call [`Cors::default()`] to create a blank, restrictive builder.
/// Then use any of the builder methods to customize CORS behavior.
///
/// The alternative [`Cors::permissive()`] constructor is available for local development, allowing
/// all origins and headers, etc. **The permissive constructor should not be used in production.**
///
/// # Errors
/// Errors surface in the middleware initialization phase. This means that, if you have logs enabled
/// in Actix Web (using `env_logger` or other crate that exposes logs from the `log` crate), error
/// messages will outline what is wrong with the CORS configuration in the server logs and the
/// server will fail to start up or serve requests.
///
/// # Example
/// ```
/// use actix_cors::Cors;
/// use actix_web::http::header;
///
/// let cors = Cors::default()
/// .allowed_origin(&quot;https://www.rust-lang.org&quot;)
/// .allowed_methods(vec![&quot;GET&quot;, &quot;POST&quot;])
/// .allowed_headers(vec![header::AUTHORIZATION, header::ACCEPT])
/// .allowed_header(header::CONTENT_TYPE)
/// .max_age(3600);
///
/// // `cors` can now be used in `App::wrap`.
/// ```
</span><span class="attr">#[derive(Debug)]
</span><span class="kw">pub struct </span>Cors {
inner: Rc&lt;Inner&gt;,
error: <span class="prelude-ty">Option</span>&lt;Either&lt;HttpError, CorsError&gt;&gt;,
}
<span class="kw">impl </span>Cors {
<span class="doccomment">/// A very permissive set of default for quick development. Not recommended for production use.
///
/// *All* origins, methods, request headers and exposed headers allowed. Credentials supported.
/// Max age 1 hour. Does not send wildcard.
</span><span class="kw">pub fn </span>permissive() -&gt; <span class="self">Self </span>{
<span class="kw">let </span>inner = Inner {
allowed_origins: AllOrSome::All,
allowed_origins_fns: <span class="macro">smallvec!</span>[],
allowed_methods: ALL_METHODS_SET.clone(),
allowed_methods_baked: <span class="prelude-val">None</span>,
allowed_headers: AllOrSome::All,
allowed_headers_baked: <span class="prelude-val">None</span>,
expose_headers: AllOrSome::All,
expose_headers_baked: <span class="prelude-val">None</span>,
max_age: <span class="prelude-val">Some</span>(<span class="number">3600</span>),
preflight: <span class="bool-val">true</span>,
send_wildcard: <span class="bool-val">false</span>,
supports_credentials: <span class="bool-val">true</span>,
<span class="attr">#[cfg(feature = <span class="string">&quot;draft-private-network-access&quot;</span>)]
</span>allow_private_network_access: <span class="bool-val">false</span>,
vary_header: <span class="bool-val">true</span>,
block_on_origin_mismatch: <span class="bool-val">true</span>,
};
Cors {
inner: Rc::new(inner),
error: <span class="prelude-val">None</span>,
}
}
<span class="doccomment">/// Resets allowed origin list to a state where any origin is accepted.
///
/// See [`Cors::allowed_origin`] for more info on allowed origins.
</span><span class="kw">pub fn </span>allow_any_origin(<span class="kw-2">mut </span><span class="self">self</span>) -&gt; Cors {
<span class="kw">if let </span><span class="prelude-val">Some</span>(cors) = cors(<span class="kw-2">&amp;mut </span><span class="self">self</span>.inner, <span class="kw-2">&amp;</span><span class="self">self</span>.error) {
cors.allowed_origins = AllOrSome::All;
}
<span class="self">self
</span>}
<span class="doccomment">/// Add an origin that is allowed to make requests.
///
/// This method allows specifying a finite set of origins to verify the value of the `Origin`
/// request header. These are `origin-or-null` types in the [Fetch Standard].
///
/// By default, no origins are accepted.
///
/// When this list is set, the client&#39;s `Origin` request header will be checked in a
/// case-sensitive manner.
///
/// When all origins are allowed and `send_wildcard` is set, `*` will be sent in the
/// `Access-Control-Allow-Origin` response header. If `send_wildcard` is not set, the client&#39;s
/// `Origin` request header will be echoed back in the `Access-Control-Allow-Origin`
/// response header.
///
/// If the origin of the request doesn&#39;t match any allowed origins and at least one
/// `allowed_origin_fn` function is set, these functions will be used to determinate
/// allowed origins.
///
/// # Initialization Errors
/// - If supplied origin is not valid uri
/// - If supplied origin is a wildcard (`*`). [`Cors::send_wildcard`] should be used instead.
///
/// [Fetch Standard]: https://fetch.spec.whatwg.org/#origin-header
</span><span class="kw">pub fn </span>allowed_origin(<span class="kw-2">mut </span><span class="self">self</span>, origin: <span class="kw-2">&amp;</span>str) -&gt; Cors {
<span class="kw">if let </span><span class="prelude-val">Some</span>(cors) = cors(<span class="kw-2">&amp;mut </span><span class="self">self</span>.inner, <span class="kw-2">&amp;</span><span class="self">self</span>.error) {
<span class="kw">match </span>TryInto::&lt;Uri&gt;::try_into(origin) {
<span class="prelude-val">Ok</span>(<span class="kw">_</span>) <span class="kw">if </span>origin == <span class="string">&quot;*&quot; </span>=&gt; {
<span class="macro">error!</span>(<span class="string">&quot;Wildcard in `allowed_origin` is not allowed. Use `send_wildcard`.&quot;</span>);
<span class="self">self</span>.error = <span class="prelude-val">Some</span>(Either::Right(CorsError::WildcardOrigin));
}
<span class="prelude-val">Ok</span>(<span class="kw">_</span>) =&gt; {
<span class="kw">if </span>cors.allowed_origins.is_all() {
cors.allowed_origins = AllOrSome::Some(HashSet::with_capacity(<span class="number">8</span>));
}
<span class="kw">if let </span><span class="prelude-val">Some</span>(origins) = cors.allowed_origins.as_mut() {
<span class="comment">// any uri is a valid header value
</span><span class="kw">let </span>hv = origin.try_into().unwrap();
origins.insert(hv);
}
}
<span class="prelude-val">Err</span>(err) =&gt; {
<span class="self">self</span>.error = <span class="prelude-val">Some</span>(Either::Left(err.into()));
}
}
}
<span class="self">self
</span>}
<span class="doccomment">/// Determinate allowed origins by processing requests which didn&#39;t match any origins specified
/// in the `allowed_origin`.
///
/// The function will receive two parameters, the Origin header value, and the `RequestHead` of
/// each request, which can be used to determine whether to allow the request or not.
///
/// If the function returns `true`, the client&#39;s `Origin` request header will be echoed back
/// into the `Access-Control-Allow-Origin` response header.
</span><span class="kw">pub fn </span>allowed_origin_fn&lt;F&gt;(<span class="kw-2">mut </span><span class="self">self</span>, f: F) -&gt; Cors
<span class="kw">where
</span>F: (Fn(<span class="kw-2">&amp;</span>HeaderValue, <span class="kw-2">&amp;</span>RequestHead) -&gt; bool) + <span class="lifetime">&#39;static</span>,
{
<span class="kw">if let </span><span class="prelude-val">Some</span>(cors) = cors(<span class="kw-2">&amp;mut </span><span class="self">self</span>.inner, <span class="kw-2">&amp;</span><span class="self">self</span>.error) {
cors.allowed_origins_fns.push(OriginFn {
boxed_fn: Rc::new(f),
});
}
<span class="self">self
</span>}
<span class="doccomment">/// Resets allowed methods list to all methods.
///
/// See [`Cors::allowed_methods`] for more info on allowed methods.
</span><span class="kw">pub fn </span>allow_any_method(<span class="kw-2">mut </span><span class="self">self</span>) -&gt; Cors {
<span class="kw">if let </span><span class="prelude-val">Some</span>(cors) = cors(<span class="kw-2">&amp;mut </span><span class="self">self</span>.inner, <span class="kw-2">&amp;</span><span class="self">self</span>.error) {
cors.allowed_methods = ALL_METHODS_SET.clone();
}
<span class="self">self
</span>}
<span class="doccomment">/// Set a list of methods which allowed origins can perform.
///
/// These will be sent in the `Access-Control-Allow-Methods` response header as specified in
/// the [Fetch Standard CORS protocol].
///
/// This defaults to an empty set.
///
/// [Fetch Standard CORS protocol]: https://fetch.spec.whatwg.org/#http-cors-protocol
</span><span class="kw">pub fn </span>allowed_methods&lt;U, M&gt;(<span class="kw-2">mut </span><span class="self">self</span>, methods: U) -&gt; Cors
<span class="kw">where
</span>U: IntoIterator&lt;Item = M&gt;,
M: TryInto&lt;Method&gt;,
&lt;M <span class="kw">as </span>TryInto&lt;Method&gt;&gt;::Error: Into&lt;HttpError&gt;,
{
<span class="kw">if let </span><span class="prelude-val">Some</span>(cors) = cors(<span class="kw-2">&amp;mut </span><span class="self">self</span>.inner, <span class="kw-2">&amp;</span><span class="self">self</span>.error) {
<span class="kw">for </span>m <span class="kw">in </span>methods {
<span class="kw">match </span>m.try_into() {
<span class="prelude-val">Ok</span>(method) =&gt; {
cors.allowed_methods.insert(method);
}
<span class="prelude-val">Err</span>(err) =&gt; {
<span class="self">self</span>.error = <span class="prelude-val">Some</span>(Either::Left(err.into()));
<span class="kw">break</span>;
}
}
}
}
<span class="self">self
</span>}
<span class="doccomment">/// Resets allowed request header list to a state where any header is accepted.
///
/// See [`Cors::allowed_headers`] for more info on allowed request headers.
</span><span class="kw">pub fn </span>allow_any_header(<span class="kw-2">mut </span><span class="self">self</span>) -&gt; Cors {
<span class="kw">if let </span><span class="prelude-val">Some</span>(cors) = cors(<span class="kw-2">&amp;mut </span><span class="self">self</span>.inner, <span class="kw-2">&amp;</span><span class="self">self</span>.error) {
cors.allowed_headers = AllOrSome::All;
}
<span class="self">self
</span>}
<span class="doccomment">/// Add an allowed request header.
///
/// See [`Cors::allowed_headers`] for more info on allowed request headers.
</span><span class="kw">pub fn </span>allowed_header&lt;H&gt;(<span class="kw-2">mut </span><span class="self">self</span>, header: H) -&gt; Cors
<span class="kw">where
</span>H: TryInto&lt;HeaderName&gt;,
&lt;H <span class="kw">as </span>TryInto&lt;HeaderName&gt;&gt;::Error: Into&lt;HttpError&gt;,
{
<span class="kw">if let </span><span class="prelude-val">Some</span>(cors) = cors(<span class="kw-2">&amp;mut </span><span class="self">self</span>.inner, <span class="kw-2">&amp;</span><span class="self">self</span>.error) {
<span class="kw">match </span>header.try_into() {
<span class="prelude-val">Ok</span>(method) =&gt; {
<span class="kw">if </span>cors.allowed_headers.is_all() {
cors.allowed_headers = AllOrSome::Some(HashSet::with_capacity(<span class="number">8</span>));
}
<span class="kw">if let </span>AllOrSome::Some(<span class="kw-2">ref mut </span>headers) = cors.allowed_headers {
headers.insert(method);
}
}
<span class="prelude-val">Err</span>(err) =&gt; <span class="self">self</span>.error = <span class="prelude-val">Some</span>(Either::Left(err.into())),
}
}
<span class="self">self
</span>}
<span class="doccomment">/// Set a list of request header field names which can be used when this resource is accessed by
/// allowed origins.
///
/// If `All` is set, whatever is requested by the client in `Access-Control-Request-Headers`
/// will be echoed back in the `Access-Control-Allow-Headers` header as specified in
/// the [Fetch Standard CORS protocol].
///
/// This defaults to an empty set.
///
/// [Fetch Standard CORS protocol]: https://fetch.spec.whatwg.org/#http-cors-protocol
</span><span class="kw">pub fn </span>allowed_headers&lt;U, H&gt;(<span class="kw-2">mut </span><span class="self">self</span>, headers: U) -&gt; Cors
<span class="kw">where
</span>U: IntoIterator&lt;Item = H&gt;,
H: TryInto&lt;HeaderName&gt;,
&lt;H <span class="kw">as </span>TryInto&lt;HeaderName&gt;&gt;::Error: Into&lt;HttpError&gt;,
{
<span class="kw">if let </span><span class="prelude-val">Some</span>(cors) = cors(<span class="kw-2">&amp;mut </span><span class="self">self</span>.inner, <span class="kw-2">&amp;</span><span class="self">self</span>.error) {
<span class="kw">for </span>h <span class="kw">in </span>headers {
<span class="kw">match </span>h.try_into() {
<span class="prelude-val">Ok</span>(method) =&gt; {
<span class="kw">if </span>cors.allowed_headers.is_all() {
cors.allowed_headers = AllOrSome::Some(HashSet::with_capacity(<span class="number">8</span>));
}
<span class="kw">if let </span>AllOrSome::Some(<span class="kw-2">ref mut </span>headers) = cors.allowed_headers {
headers.insert(method);
}
}
<span class="prelude-val">Err</span>(err) =&gt; {
<span class="self">self</span>.error = <span class="prelude-val">Some</span>(Either::Left(err.into()));
<span class="kw">break</span>;
}
}
}
}
<span class="self">self
</span>}
<span class="doccomment">/// Resets exposed response header list to a state where all headers are exposed.
///
/// See [`Cors::expose_headers`] for more info on exposed response headers.
</span><span class="kw">pub fn </span>expose_any_header(<span class="kw-2">mut </span><span class="self">self</span>) -&gt; Cors {
<span class="kw">if let </span><span class="prelude-val">Some</span>(cors) = cors(<span class="kw-2">&amp;mut </span><span class="self">self</span>.inner, <span class="kw-2">&amp;</span><span class="self">self</span>.error) {
cors.expose_headers = AllOrSome::All;
}
<span class="self">self
</span>}
<span class="doccomment">/// Set a list of headers which are safe to expose to the API of a CORS API specification.
/// This corresponds to the `Access-Control-Expose-Headers` response header as specified in
/// the [Fetch Standard CORS protocol].
///
/// This defaults to an empty set.
///
/// [Fetch Standard CORS protocol]: https://fetch.spec.whatwg.org/#http-cors-protocol
</span><span class="kw">pub fn </span>expose_headers&lt;U, H&gt;(<span class="kw-2">mut </span><span class="self">self</span>, headers: U) -&gt; Cors
<span class="kw">where
</span>U: IntoIterator&lt;Item = H&gt;,
H: TryInto&lt;HeaderName&gt;,
&lt;H <span class="kw">as </span>TryInto&lt;HeaderName&gt;&gt;::Error: Into&lt;HttpError&gt;,
{
<span class="kw">for </span>h <span class="kw">in </span>headers {
<span class="kw">match </span>h.try_into() {
<span class="prelude-val">Ok</span>(header) =&gt; {
<span class="kw">if let </span><span class="prelude-val">Some</span>(cors) = cors(<span class="kw-2">&amp;mut </span><span class="self">self</span>.inner, <span class="kw-2">&amp;</span><span class="self">self</span>.error) {
<span class="kw">if </span>cors.expose_headers.is_all() {
cors.expose_headers = AllOrSome::Some(HashSet::with_capacity(<span class="number">8</span>));
}
<span class="kw">if let </span>AllOrSome::Some(<span class="kw-2">ref mut </span>headers) = cors.expose_headers {
headers.insert(header);
}
}
}
<span class="prelude-val">Err</span>(err) =&gt; {
<span class="self">self</span>.error = <span class="prelude-val">Some</span>(Either::Left(err.into()));
<span class="kw">break</span>;
}
}
}
<span class="self">self
</span>}
<span class="doccomment">/// Set a maximum time (in seconds) for which this CORS request may be cached. This value is set
/// as the `Access-Control-Max-Age` header as specified in the [Fetch Standard CORS protocol].
///
/// Pass a number (of seconds) or use None to disable sending max age header.
///
/// [Fetch Standard CORS protocol]: https://fetch.spec.whatwg.org/#http-cors-protocol
</span><span class="kw">pub fn </span>max_age(<span class="kw-2">mut </span><span class="self">self</span>, max_age: <span class="kw">impl </span>Into&lt;<span class="prelude-ty">Option</span>&lt;usize&gt;&gt;) -&gt; Cors {
<span class="kw">if let </span><span class="prelude-val">Some</span>(cors) = cors(<span class="kw-2">&amp;mut </span><span class="self">self</span>.inner, <span class="kw-2">&amp;</span><span class="self">self</span>.error) {
cors.max_age = max_age.into();
}
<span class="self">self
</span>}
<span class="doccomment">/// Set to use wildcard origins.
///
/// If send wildcard is set and the `allowed_origins` parameter is `All`, a wildcard
/// `Access-Control-Allow-Origin` response header is sent, rather than the requests
/// `Origin` header.
///
/// This **CANNOT** be used in conjunction with `allowed_origins` set to `All` and
/// `allow_credentials` set to `true`. Depending on the mode of usage, this will either result
/// in an `CorsError::CredentialsWithWildcardOrigin` error during actix launch or runtime.
///
/// Defaults to `false`.
</span><span class="kw">pub fn </span>send_wildcard(<span class="kw-2">mut </span><span class="self">self</span>) -&gt; Cors {
<span class="kw">if let </span><span class="prelude-val">Some</span>(cors) = cors(<span class="kw-2">&amp;mut </span><span class="self">self</span>.inner, <span class="kw-2">&amp;</span><span class="self">self</span>.error) {
cors.send_wildcard = <span class="bool-val">true</span>;
}
<span class="self">self
</span>}
<span class="doccomment">/// Allows users to make authenticated requests
///
/// If true, injects the `Access-Control-Allow-Credentials` header in responses. This allows
/// cookies and credentials to be submitted across domains as specified in
/// the [Fetch Standard CORS protocol].
///
/// This option cannot be used in conjunction with an `allowed_origin` set to `All` and
/// `send_wildcards` set to `true`.
///
/// Defaults to `false`.
///
/// A server initialization error will occur if credentials are allowed, but the Origin is set
/// to send wildcards (`*`); this is not allowed by the CORS protocol.
///
/// [Fetch Standard CORS protocol]: https://fetch.spec.whatwg.org/#http-cors-protocol
</span><span class="kw">pub fn </span>supports_credentials(<span class="kw-2">mut </span><span class="self">self</span>) -&gt; Cors {
<span class="kw">if let </span><span class="prelude-val">Some</span>(cors) = cors(<span class="kw-2">&amp;mut </span><span class="self">self</span>.inner, <span class="kw-2">&amp;</span><span class="self">self</span>.error) {
cors.supports_credentials = <span class="bool-val">true</span>;
}
<span class="self">self
</span>}
<span class="doccomment">/// Allow private network access.
///
/// If true, injects the `Access-Control-Allow-Private-Network: true` header in responses if the
/// request contained the `Access-Control-Request-Private-Network: true` header.
///
/// For more information on this behavior, see the draft [Private Network Access] spec.
///
/// Defaults to `false`.
///
/// [Private Network Access]: https://wicg.github.io/private-network-access
</span><span class="attr">#[cfg(feature = <span class="string">&quot;draft-private-network-access&quot;</span>)]
</span><span class="kw">pub fn </span>allow_private_network_access(<span class="kw-2">mut </span><span class="self">self</span>) -&gt; Cors {
<span class="kw">if let </span><span class="prelude-val">Some</span>(cors) = cors(<span class="kw-2">&amp;mut </span><span class="self">self</span>.inner, <span class="kw-2">&amp;</span><span class="self">self</span>.error) {
cors.allow_private_network_access = <span class="bool-val">true</span>;
}
<span class="self">self
</span>}
<span class="doccomment">/// Disable `Vary` header support.
///
/// When enabled the header `Vary: Origin` will be returned as per the Fetch Standard
/// implementation guidelines.
///
/// Setting this header when the `Access-Control-Allow-Origin` is dynamically generated
/// (eg. when there is more than one allowed origin, and an Origin other than &#39;*&#39; is returned)
/// informs CDNs and other caches that the CORS headers are dynamic, and cannot be cached.
///
/// By default, `Vary` header support is enabled.
</span><span class="kw">pub fn </span>disable_vary_header(<span class="kw-2">mut </span><span class="self">self</span>) -&gt; Cors {
<span class="kw">if let </span><span class="prelude-val">Some</span>(cors) = cors(<span class="kw-2">&amp;mut </span><span class="self">self</span>.inner, <span class="kw-2">&amp;</span><span class="self">self</span>.error) {
cors.vary_header = <span class="bool-val">false</span>;
}
<span class="self">self
</span>}
<span class="doccomment">/// Disable support for preflight requests.
///
/// When enabled CORS middleware automatically handles `OPTIONS` requests.
/// This is useful for application level middleware.
///
/// By default *preflight* support is enabled.
</span><span class="kw">pub fn </span>disable_preflight(<span class="kw-2">mut </span><span class="self">self</span>) -&gt; Cors {
<span class="kw">if let </span><span class="prelude-val">Some</span>(cors) = cors(<span class="kw-2">&amp;mut </span><span class="self">self</span>.inner, <span class="kw-2">&amp;</span><span class="self">self</span>.error) {
cors.preflight = <span class="bool-val">false</span>;
}
<span class="self">self
</span>}
<span class="doccomment">/// Configures whether requests should be pre-emptively blocked on mismatched origin.
///
/// If `true`, a 400 Bad Request is returned immediately when a request fails origin validation.
///
/// If `false`, the request will be processed as normal but relevant CORS headers will not be
/// appended to the response. In this case, the browser is trusted to validate CORS headers and
/// and block requests based on pre-flight requests. Use this setting to allow cURL and other
/// non-browser HTTP clients to function as normal, no matter what `Origin` the request has.
///
/// Defaults to `true`.
</span><span class="kw">pub fn </span>block_on_origin_mismatch(<span class="kw-2">mut </span><span class="self">self</span>, block: bool) -&gt; Cors {
<span class="kw">if let </span><span class="prelude-val">Some</span>(cors) = cors(<span class="kw-2">&amp;mut </span><span class="self">self</span>.inner, <span class="kw-2">&amp;</span><span class="self">self</span>.error) {
cors.block_on_origin_mismatch = block;
}
<span class="self">self
</span>}
}
<span class="kw">impl </span>Default <span class="kw">for </span>Cors {
<span class="doccomment">/// A restrictive (security paranoid) set of defaults.
///
/// *No* allowed origins, methods, request headers or exposed headers. Credentials
/// not supported. No max age (will use browser&#39;s default).
</span><span class="kw">fn </span>default() -&gt; Cors {
<span class="kw">let </span>inner = Inner {
allowed_origins: AllOrSome::Some(HashSet::with_capacity(<span class="number">8</span>)),
allowed_origins_fns: <span class="macro">smallvec!</span>[],
allowed_methods: HashSet::with_capacity(<span class="number">8</span>),
allowed_methods_baked: <span class="prelude-val">None</span>,
allowed_headers: AllOrSome::Some(HashSet::with_capacity(<span class="number">8</span>)),
allowed_headers_baked: <span class="prelude-val">None</span>,
expose_headers: AllOrSome::Some(HashSet::with_capacity(<span class="number">8</span>)),
expose_headers_baked: <span class="prelude-val">None</span>,
max_age: <span class="prelude-val">None</span>,
preflight: <span class="bool-val">true</span>,
send_wildcard: <span class="bool-val">false</span>,
supports_credentials: <span class="bool-val">false</span>,
<span class="attr">#[cfg(feature = <span class="string">&quot;draft-private-network-access&quot;</span>)]
</span>allow_private_network_access: <span class="bool-val">false</span>,
vary_header: <span class="bool-val">true</span>,
block_on_origin_mismatch: <span class="bool-val">true</span>,
};
Cors {
inner: Rc::new(inner),
error: <span class="prelude-val">None</span>,
}
}
}
<span class="kw">impl</span>&lt;S, B&gt; Transform&lt;S, ServiceRequest&gt; <span class="kw">for </span>Cors
<span class="kw">where
</span>S: Service&lt;ServiceRequest, Response = ServiceResponse&lt;B&gt;, Error = Error&gt;,
S::Future: <span class="lifetime">&#39;static</span>,
B: MessageBody + <span class="lifetime">&#39;static</span>,
{
<span class="kw">type </span>Response = ServiceResponse&lt;EitherBody&lt;B&gt;&gt;;
<span class="kw">type </span>Error = Error;
<span class="kw">type </span>InitError = ();
<span class="kw">type </span>Transform = CorsMiddleware&lt;S&gt;;
<span class="kw">type </span>Future = Ready&lt;<span class="prelude-ty">Result</span>&lt;<span class="self">Self</span>::Transform, <span class="self">Self</span>::InitError&gt;&gt;;
<span class="kw">fn </span>new_transform(<span class="kw-2">&amp;</span><span class="self">self</span>, service: S) -&gt; <span class="self">Self</span>::Future {
<span class="kw">if let </span><span class="prelude-val">Some</span>(<span class="kw-2">ref </span>err) = <span class="self">self</span>.error {
<span class="kw">match </span>err {
Either::Left(err) =&gt; <span class="macro">error!</span>(<span class="string">&quot;{}&quot;</span>, err),
Either::Right(err) =&gt; <span class="macro">error!</span>(<span class="string">&quot;{}&quot;</span>, err),
}
<span class="kw">return </span>future::err(());
}
<span class="kw">let </span><span class="kw-2">mut </span>inner = Rc::clone(<span class="kw-2">&amp;</span><span class="self">self</span>.inner);
<span class="kw">if </span>inner.supports_credentials &amp;&amp; inner.send_wildcard &amp;&amp; inner.allowed_origins.is_all() {
<span class="macro">error!</span>(
<span class="string">&quot;Illegal combination of CORS options: credentials can not be supported when all \
origins are allowed and `send_wildcard` is enabled.&quot;
</span>);
<span class="kw">return </span>future::err(());
}
<span class="comment">// bake allowed headers value if Some and not empty
</span><span class="kw">match </span>inner.allowed_headers.as_ref() {
<span class="prelude-val">Some</span>(header_set) <span class="kw">if </span>!header_set.is_empty() =&gt; {
<span class="kw">let </span>allowed_headers_str = intersperse_header_values(header_set);
Rc::make_mut(<span class="kw-2">&amp;mut </span>inner).allowed_headers_baked = <span class="prelude-val">Some</span>(allowed_headers_str);
}
<span class="kw">_ </span>=&gt; {}
}
<span class="comment">// bake allowed methods value if not empty
</span><span class="kw">if </span>!inner.allowed_methods.is_empty() {
<span class="kw">let </span>allowed_methods_str = intersperse_header_values(<span class="kw-2">&amp;</span>inner.allowed_methods);
Rc::make_mut(<span class="kw-2">&amp;mut </span>inner).allowed_methods_baked = <span class="prelude-val">Some</span>(allowed_methods_str);
}
<span class="comment">// bake exposed headers value if Some and not empty
</span><span class="kw">match </span>inner.expose_headers.as_ref() {
<span class="prelude-val">Some</span>(header_set) <span class="kw">if </span>!header_set.is_empty() =&gt; {
<span class="kw">let </span>expose_headers_str = intersperse_header_values(header_set);
Rc::make_mut(<span class="kw-2">&amp;mut </span>inner).expose_headers_baked = <span class="prelude-val">Some</span>(expose_headers_str);
}
<span class="kw">_ </span>=&gt; {}
}
future::ok(CorsMiddleware { service, inner })
}
}
<span class="doccomment">/// Only call when values are guaranteed to be valid header values and set is not empty.
</span><span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>intersperse_header_values&lt;T&gt;(val_set: <span class="kw-2">&amp;</span>HashSet&lt;T&gt;) -&gt; HeaderValue
<span class="kw">where
</span>T: AsRef&lt;str&gt;,
{
<span class="macro">debug_assert!</span>(
!val_set.is_empty(),
<span class="string">&quot;only call `intersperse_header_values` when set is not empty&quot;
</span>);
val_set
.iter()
.fold(String::with_capacity(<span class="number">64</span>), |<span class="kw-2">mut </span>acc, val| {
acc.push_str(<span class="string">&quot;, &quot;</span>);
acc.push_str(val.as_ref());
acc
})
<span class="comment">// set is not empty so string will always have leading &quot;, &quot; to trim
</span>[<span class="number">2</span>..]
.try_into()
<span class="comment">// all method names are valid header values
</span>.unwrap()
}
<span class="attr">#[cfg(test)]
</span><span class="kw">mod </span>test {
<span class="kw">use </span>std::convert::{Infallible, TryInto};
<span class="kw">use </span>actix_web::{
body,
dev::{fn_service, Transform},
http::{header::HeaderName, StatusCode},
test::{<span class="self">self</span>, TestRequest},
HttpResponse,
};
<span class="kw">use super</span>::<span class="kw-2">*</span>;
<span class="attr">#[test]
</span><span class="kw">fn </span>illegal_allow_credentials() {
<span class="comment">// using the permissive defaults (all origins allowed) and adding send_wildcard
// and supports_credentials should error on construction
</span><span class="macro">assert!</span>(Cors::permissive()
.supports_credentials()
.send_wildcard()
.new_transform(test::ok_service())
.into_inner()
.is_err());
}
<span class="attr">#[actix_web::test]
</span><span class="kw">async fn </span>restrictive_defaults() {
<span class="kw">let </span>cors = Cors::default()
.new_transform(test::ok_service())
.<span class="kw">await
</span>.unwrap();
<span class="kw">let </span>req = TestRequest::default()
.insert_header((<span class="string">&quot;Origin&quot;</span>, <span class="string">&quot;https://www.example.com&quot;</span>))
.to_srv_request();
<span class="kw">let </span>resp = test::call_service(<span class="kw-2">&amp;</span>cors, req).<span class="kw">await</span>;
<span class="macro">assert_eq!</span>(resp.status(), StatusCode::BAD_REQUEST);
}
<span class="attr">#[actix_web::test]
</span><span class="kw">async fn </span>allowed_header_try_from() {
<span class="kw">let </span>_cors = Cors::default().allowed_header(<span class="string">&quot;Content-Type&quot;</span>);
}
<span class="attr">#[actix_web::test]
</span><span class="kw">async fn </span>allowed_header_try_into() {
<span class="kw">struct </span>ContentType;
<span class="kw">impl </span>TryInto&lt;HeaderName&gt; <span class="kw">for </span>ContentType {
<span class="kw">type </span>Error = Infallible;
<span class="kw">fn </span>try_into(<span class="self">self</span>) -&gt; <span class="prelude-ty">Result</span>&lt;HeaderName, <span class="self">Self</span>::Error&gt; {
<span class="prelude-val">Ok</span>(HeaderName::from_static(<span class="string">&quot;content-type&quot;</span>))
}
}
<span class="kw">let </span>_cors = Cors::default().allowed_header(ContentType);
}
<span class="attr">#[actix_web::test]
</span><span class="kw">async fn </span>middleware_generic_over_body_type() {
<span class="kw">let </span>srv = fn_service(|req: ServiceRequest| <span class="kw">async move </span>{
<span class="prelude-val">Ok</span>(req.into_response(HttpResponse::with_body(StatusCode::OK, body::None::new())))
});
Cors::default().new_transform(srv).<span class="kw">await</span>.unwrap();
}
}
</code></pre></div></section></main></body></html>
Reference in New Issue View Git Blame Copy Permalink