Brandur
59244b203c
Let CSRF's allowed_origin()
be specified as a type supporting Into<String>
...
A very minor addition: I'm using this middleware on specific resources,
and given a non-static string, I often have to `clone()` already to get
a string into a closure. Take this code for example:
``` rust
let server = actix_web::server::new(move || {
let csrf_origin_graphql = csrf_origin.clone();
...
.resource("/graphql", move |r| {
r.middleware(
csrf::CsrfFilter::new().allowed_origin(csrf_origin_graphql.as_str()),
);
r.method(Method::POST).a(graphql::handlers::graphql_post);
})
```
Letting `allowed_origin()` take an `Into<String>` instead of `&str` would
prevent a second `clone()` in the code above, and also make the code a little
nicer to read (you eliminate the `.as_str()` above). This is a pattern that
seems to be common throughout actix-web already anyway, so it should also be
fine to have here.
2018-04-21 08:41:06 -07:00
Nikolay Kim
813d1d6e66
doc strings layout
2018-04-18 20:41:03 -07:00
Nikolay Kim
48b02abee7
fmt
2018-04-18 20:16:29 -07:00
Nikolay Kim
ce1081432b
export session module
2018-04-18 20:11:49 -07:00
Nikolay Kim
e9bdba57a0
Add identity service middleware
2018-04-18 19:05:24 -07:00
Nikolay Kim
113f5ad1a8
add rustfmt config
2018-04-13 16:02:01 -07:00
Nikolay Kim
23eea54776
update cors doc string
2018-04-09 21:39:32 -07:00
Nikolay Kim
2881859400
proper test for CorsBuilder::resource
2018-04-09 21:29:57 -07:00
Nikolay Kim
1686682c19
extend CorsBuilder api to make it more user friendly
2018-04-09 21:11:15 -07:00
Nikolay Kim
be358db422
CorsBuilder::finish() panics on any configuration error
2018-04-09 14:20:12 -07:00
Nikolay Kim
7df2d6b12a
clippy warnings; extend url_for example in user guide
2018-04-09 13:30:38 -07:00
Nikolay Kim
0b0bbd6bd9
Merge branch 'master' into private-cookies
2018-04-09 12:54:08 -07:00
Nikolay Kim
5617896780
cleanup doc tests
2018-04-09 10:40:12 -07:00
Alex Whitney
2b803f30c9
remove CookieSessionBackend::new
2018-04-09 18:33:29 +01:00
Alex Whitney
9b152acc32
add signed and private cookies
2018-04-09 17:59:28 +01:00
Nikolay Kim
eb66685d1a
simplify csrf middleware
2018-04-09 09:49:07 -07:00
Nikolay Kim
b505e682d4
fix session doc test
2018-04-09 09:31:11 -07:00
Nikolay Kim
ff14633b3d
simplify CookieSessionBackend; expose max_age cookie setting
2018-04-08 11:05:37 -07:00
Nikolay Kim
7be4b1f399
clippy warns
2018-04-04 20:24:09 -07:00
Nikolay Kim
fee30d6f47
fix doc test compatibility
2018-04-02 22:01:20 -07:00
Nikolay Kim
476b1fb36a
simplify DefaultHeaders middleware
2018-04-02 21:43:50 -07:00
Nikolay Kim
3b93bff602
add ErrorHandlers middleware
2018-04-02 21:37:00 -07:00
Nikolay Kim
83bf852192
Fix logger request duration calculation
2018-04-02 11:09:24 -07:00
Nikolay Kim
17c27ef42d
HttpRequest::resource() returns current matched resource
2018-04-01 17:37:22 -07:00
Nikolay Kim
3ee228005d
rename Application
2018-03-31 00:16:55 -07:00
Nikolay Kim
44e3df82f6
simplify http response construction; deprecate httpcodes
2018-03-30 23:07:33 -07:00
Nikolay Kim
9e751de707
re-arrange modules and exports
2018-03-30 17:31:18 -07:00
Nikolay Kim
2f60a4b89d
add handler with exatractor
2018-03-26 23:10:31 -07:00
Nikolay Kim
4263574a58
fix panic in cors if request does not contain origin header and send_wildcard is not set
2018-03-10 08:31:20 -08:00
Nikolay Kim
24342fb745
Merge pull request #113 from niklasf/csrf-upgrade
...
Let CSRF filter catch cross-site upgrades
2018-03-07 09:58:30 -08:00
Niklas Fiekas
0278e364ec
add tests for csrf upgrade filter
2018-03-07 18:42:21 +01:00
Niklas Fiekas
b9d6bbd357
filter cross-site upgrades in csrf middleware
2018-03-07 17:49:30 +01:00
Niklas Fiekas
5816ecd1bc
fix variable name: cors -> csrf
2018-03-07 17:44:19 +01:00
kindiana
04d0abb3c7
make session an optional feature
2018-03-07 15:38:58 +08:00
Niklas Fiekas
10f57dac31
add csrf filter middleware
2018-03-02 20:13:43 +01:00
Nikolay Kim
206c4e581a
rename httpcodes
2018-03-01 19:12:59 -08:00
Alex Whitney
313396d9b5
fix session mut borrow lifetime
2018-02-28 19:35:26 +00:00
Nikolay Kim
a7bf635158
unify headers and body processing for client response and server request
2018-02-27 15:03:28 -08:00
Nikolay Kim
d6fd4a3524
use buffer capacity; remove unused imports
2018-02-26 15:34:25 -08:00
Nikolay Kim
72aa2d9eae
clippy warnings
2018-02-26 14:33:56 -08:00
Nikolay Kim
fd56e5dc82
do not use regset for route recognition
2018-02-21 14:31:22 -08:00
Nikolay Kim
187644e178
update logger doc string
2018-02-20 12:53:51 -08:00
Nikolay Kim
edd114f6e4
allow to set default content encoding on application level
2018-02-18 22:23:17 -08:00
Alexander Andreev
a565e71018
spelling check
2018-01-31 20:28:53 +03:00
Nikolay Kim
71d534dadb
CORS middleware: allowed_headers is defaulting to None #50
2018-01-20 16:36:57 -08:00
Alexander Andreev
58df8fa4b9
spelling check
2018-01-16 21:59:33 +03:00
Alexander Andreev
e1d9c3803b
spelling check
2018-01-16 00:47:25 +03:00
Nikolay Kim
bc6bb9984f
user guide spelling
2018-01-13 11:17:48 -08:00
Nikolay Kim
eb8052b936
fix cors tests
2018-01-11 20:20:50 -08:00
Nikolay Kim
dab918261c
fix cors allowed header validation
2018-01-11 20:11:34 -08:00