Struct tower_http::cors::CorsLayer

source · []
pub struct CorsLayer { /* private fields */ }
This is supported on crate feature cors only.
Expand description

Layer that applies the Cors middleware which adds headers for CORS.

See the module docs for an example.

Implementations

Create a new CorsLayer.

This creates a restrictive configuration. Use the builder methods to customize the behavior.

A very permissive configuration suitable for development:

  • Credentials allowed.
  • All request headers allowed.
  • All methods allowed.
  • All origins allowed.
  • All headers exposed.
  • Max age set to 1 hour.

Note this is not recommended for production use.

Set the Access-Control-Allow-Credentials header.

use tower_http::cors::CorsLayer;

let layer = CorsLayer::new().allow_credentials(true);

Set the value of the Access-Control-Allow-Headers header.

use tower_http::cors::CorsLayer;
use http::header::{AUTHORIZATION, ACCEPT};

let layer = CorsLayer::new().allow_headers(vec![AUTHORIZATION, ACCEPT]);

All headers can be allowed with

use tower_http::cors::{Any, CorsLayer};

let layer = CorsLayer::new().allow_headers(Any);

Note that multiple calls to this method will override any previous calls.

Also note that Access-Control-Allow-Headers is required for requests that have Access-Control-Request-Headers.

Set the value of the Access-Control-Max-Age header.

use tower_http::cors::CorsLayer;
use std::time::Duration;

let layer = CorsLayer::new().max_age(Duration::from_secs(60) * 10);

By default the header will not be set which disables caching and will require a preflight call for all requests.

Note that each browser has a maximum internal value that takes precedence when the Access-Control-Max-Age is greater. For more details see mdn.

Set the value of the Access-Control-Allow-Methods header.

use tower_http::cors::CorsLayer;
use http::Method;

let layer = CorsLayer::new().allow_methods(vec![Method::GET, Method::POST]);

All methods can be allowed with

use tower_http::cors::{Any, CorsLayer};

let layer = CorsLayer::new().allow_methods(Any);

Note that multiple calls to this method will override any previous calls.

Set the value of the Access-Control-Allow-Origin header.

use tower_http::cors::{CorsLayer, Origin};

let layer = CorsLayer::new().allow_origin(Origin::exact(
    "http://example.com".parse().unwrap(),
));

Multiple origins can be allowed with

use tower_http::cors::{CorsLayer, Origin};

let origins = vec![
    "http://example.com".parse().unwrap(),
    "http://api.example.com".parse().unwrap(),
];

let layer = CorsLayer::new().allow_origin(Origin::list(origins));

All origins can be allowed with

use tower_http::cors::{Any, CorsLayer};

let layer = CorsLayer::new().allow_origin(Any);

You can also use a closure

use tower_http::cors::{CorsLayer, Origin};
use http::{HeaderValue, request::Parts};

let layer = CorsLayer::new().allow_origin(
    Origin::predicate(|origin: &HeaderValue, _request_head: &Parts| {
        origin.as_bytes().ends_with(b".rust-lang.org")
    })
);

Note that multiple calls to this method will override any previous calls.

Set the value of the Access-Control-Expose-Headers header.

use tower_http::cors::CorsLayer;
use http::header::CONTENT_ENCODING;

let layer = CorsLayer::new().expose_headers(vec![CONTENT_ENCODING]);

All headers can be allowed with

use tower_http::cors::{Any, CorsLayer};

let layer = CorsLayer::new().expose_headers(Any);

Note that multiple calls to this method will override any previous calls.

Trait Implementations

Returns a copy of the value. Read more

Performs copy-assignment from source. Read more

Formats the value using the given formatter. Read more

Returns the “default value” for a type. Read more

The wrapped service

Wrap the given service with the middleware, returning a new service that has been decorated with the middleware. Read more

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

This is supported on crate feature follow-redirect only.

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more

This is supported on crate feature follow-redirect only.

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more

The resulting type after obtaining ownership.

Creates owned data from borrowed data, usually by cloning. Read more

🔬 This is a nightly-only experimental API. (toowned_clone_into)

Uses borrowed data to replace owned data, usually by cloning. Read more

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more