use actix_cors::Cors;
use actix_web::{http::header, web, App, HttpServer};
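/// Starts an example HTTP server on `127.0.0.1:8080` whose single default
/// service is wrapped in a CORS middleware with an explicit allow-list.
///
/// Log output is initialised from the environment, falling back to the
/// `info` filter when none is set.
///
/// # Errors
///
/// Returns the `std::io::Error` produced when binding the listen address
/// or running the server fails.
#[actix_web::main]
async fn main() -> std::io::Result<()> {
    env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));

    HttpServer::new(move || {
        App::new()
            .wrap(
                // default settings are overly restrictive to reduce chance of
                // misconfiguration leading to security concerns
                Cors::default()
                    // add specific origin to allowed origin list
                    .allowed_origin("http://project.local:8080")
                    // allow any port on localhost
                    .allowed_origin_fn(|origin, _req_head| {
                        // Compare the whole origin, not just a prefix: a bare
                        // `starts_with(b"http://localhost")` would also accept
                        // origins such as "http://localhost.example.com",
                        // which are not the local machine.
                        match origin.as_bytes().strip_prefix(b"http://localhost") {
                            // exactly "http://localhost" (default port)
                            Some([]) => true,
                            // "http://localhost:<digits>"
                            Some([b':', port @ ..]) => {
                                !port.is_empty() && port.iter().all(u8::is_ascii_digit)
                            }
                            _ => false,
                        }

                        // manual alternative:
                        // unwrapping is acceptable on the origin header since this function is
                        // only called when it exists; read the bytes with
                        //     req_head.headers().get(header::ORIGIN).unwrap().as_bytes()
                        // and apply the same exact host/port check as above rather
                        // than a prefix test.
                    })
                    // set allowed methods list
                    .allowed_methods(vec!["GET", "POST"])
                    // set allowed request header list
                    .allowed_headers(&[header::AUTHORIZATION, header::ACCEPT])
                    // add header to allowed list
                    .allowed_header(header::CONTENT_TYPE)
                    // set list of headers that are safe to expose
                    .expose_headers(&[header::CONTENT_DISPOSITION])
                    // set preflight cache TTL
                    .max_age(3600),
            )
            .default_service(web::to(|| async { "Hello, cross-origin world!" }))
    })
    .bind("127.0.0.1:8080")?
    .run()
    .await
}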