Struct rama::http::layer::cors::CorsLayer

pub struct CorsLayer { /* private fields */ }
Expand description

Layer that applies the Cors middleware which adds headers for CORS.

See the module docs for an example.

Implementations§

§

impl CorsLayer

pub fn new() -> CorsLayer

Create a new CorsLayer.

No headers are sent by default. Use the builder methods to customize the behavior.

You need to set at least an allowed origin for browsers to make successful cross-origin requests to your service.

pub fn permissive() -> CorsLayer

A permissive configuration:

  • All request headers allowed.
  • All methods allowed.
  • All origins allowed.
  • All headers exposed.

pub fn very_permissive() -> CorsLayer

A very permissive configuration:

  • Credentials allowed.
  • The method received in Access-Control-Request-Method is sent back as an allowed method.
  • The origin of the preflight request is sent back as an allowed origin.
  • The header names received in Access-Control-Request-Headers are sent back as allowed headers.
  • No headers are currently exposed, but this may change in the future.

pub fn allow_credentials<T>(self, allow_credentials: T) -> CorsLayer
where T: Into<AllowCredentials>,

Set the Access-Control-Allow-Credentials header.

use rama_http::layer::cors::CorsLayer;

let layer = CorsLayer::new().allow_credentials(true);

pub fn allow_headers<T>(self, headers: T) -> CorsLayer
where T: Into<AllowHeaders>,

Set the value of the Access-Control-Allow-Headers header.

use rama_http::layer::cors::CorsLayer;
use rama_http::header::{AUTHORIZATION, ACCEPT};

let layer = CorsLayer::new().allow_headers([AUTHORIZATION, ACCEPT]);

All headers can be allowed with

use rama_http::layer::cors::{Any, CorsLayer};

let layer = CorsLayer::new().allow_headers(Any);

You can also use an async closure:

use rama_http::layer::cors::{CorsLayer, AllowOrigin};
use rama_http::dep::http::{request::Parts as RequestParts, HeaderValue};

let client = get_api_client();

let layer = CorsLayer::new().allow_origin(AllowOrigin::async_predicate(
    |origin: HeaderValue, _request_parts: &RequestParts| async move {
        // fetch list of origins that are allowed
        let origins = client.fetch_allowed_origins().await;
        origins.contains(&origin)
    },
));

let client = get_api_client();

// if using &RequestParts, make sure all the values are owned
// before passing into the future
let layer = CorsLayer::new().allow_origin(AllowOrigin::async_predicate(
    |origin: HeaderValue, parts: &RequestParts| {
        let path = parts.uri.path().to_owned();

        async move {
            // fetch list of origins that are allowed for this path
            let origins = client.fetch_allowed_origins_for_path(path).await;
            origins.contains(&origin)
        }
    },
));

Note that multiple calls to this method will override any previous calls.

Also note that Access-Control-Allow-Headers is required for requests that have Access-Control-Request-Headers.

pub fn max_age<T>(self, max_age: T) -> CorsLayer
where T: Into<MaxAge>,

Set the value of the Access-Control-Max-Age header.

use std::time::Duration;
use rama_http::layer::cors::CorsLayer;

let layer = CorsLayer::new().max_age(Duration::from_secs(60) * 10);

By default the header will not be set which disables caching and will require a preflight call for all requests.

Note that each browser has a maximum internal value that takes precedence when the Access-Control-Max-Age is greater. For more details see mdn.

If you need more flexibility, you can use supply a function which can dynamically decide the max-age based on the origin and other parts of each preflight request:

use std::time::Duration;

use rama_http::dep::http::{request::Parts as RequestParts, HeaderValue};
use rama_http::layer::cors::{CorsLayer, MaxAge};

let layer = CorsLayer::new().max_age(MaxAge::dynamic(
    |_origin: &HeaderValue, parts: &RequestParts| -> Duration {
        // Let's say you want to be able to reload your config at
        // runtime and have another middleware that always inserts
        // the current config into the request extensions
        let config = parts.extensions.get::<MyServerConfig>().unwrap();
        config.cors_max_age
    },
));

pub fn allow_methods<T>(self, methods: T) -> CorsLayer
where T: Into<AllowMethods>,

Set the value of the Access-Control-Allow-Methods header.

use rama_http::layer::cors::CorsLayer;
use rama_http::Method;

let layer = CorsLayer::new().allow_methods([Method::GET, Method::POST]);

All methods can be allowed with

use rama_http::layer::cors::{Any, CorsLayer};

let layer = CorsLayer::new().allow_methods(Any);

Note that multiple calls to this method will override any previous calls.

pub fn allow_origin<T>(self, origin: T) -> CorsLayer
where T: Into<AllowOrigin>,

Set the value of the Access-Control-Allow-Origin header.

use rama_http::HeaderValue;
use rama_http::layer::cors::CorsLayer;

let layer = CorsLayer::new().allow_origin(
    "http://example.com".parse::<HeaderValue>().unwrap(),
);

Multiple origins can be allowed with

use rama_http::layer::cors::CorsLayer;

let origins = [
    "http://example.com".parse().unwrap(),
    "http://api.example.com".parse().unwrap(),
];

let layer = CorsLayer::new().allow_origin(origins);

All origins can be allowed with

use rama_http::layer::cors::{Any, CorsLayer};

let layer = CorsLayer::new().allow_origin(Any);

You can also use a closure

use rama_http::layer::cors::{CorsLayer, AllowOrigin};
use rama_http::dep::http::{request::Parts as RequestParts, HeaderValue};

let layer = CorsLayer::new().allow_origin(AllowOrigin::predicate(
    |origin: &HeaderValue, _request_parts: &RequestParts| {
        origin.as_bytes().ends_with(b".rust-lang.org")
    },
));

Note that multiple calls to this method will override any previous calls.

pub fn expose_headers<T>(self, headers: T) -> CorsLayer
where T: Into<ExposeHeaders>,

Set the value of the Access-Control-Expose-Headers header.

use rama_http::layer::cors::CorsLayer;
use rama_http::header::CONTENT_ENCODING;

let layer = CorsLayer::new().expose_headers([CONTENT_ENCODING]);

All headers can be allowed with

use rama_http::layer::cors::{Any, CorsLayer};

let layer = CorsLayer::new().expose_headers(Any);

Note that multiple calls to this method will override any previous calls.

pub fn allow_private_network<T>(self, allow_private_network: T) -> CorsLayer
where T: Into<AllowPrivateNetwork>,

Set the value of the Access-Control-Allow-Private-Network header.

use rama_http::layer::cors::CorsLayer;

let layer = CorsLayer::new().allow_private_network(true);

pub fn vary<T>(self, headers: T) -> CorsLayer
where T: Into<Vary>,

Set the value(s) of the Vary header.

In contrast to the other headers, this one has a non-empty default of preflight_request_headers().

You only need to set this is you want to remove some of these defaults, or if you use a closure for one of the other headers and want to add a vary header accordingly.

Trait Implementations§

§

impl Clone for CorsLayer

§

fn clone(&self) -> CorsLayer

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
§

impl Debug for CorsLayer

§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
§

impl Default for CorsLayer

§

fn default() -> CorsLayer

Returns the “default value” for a type. Read more
§

impl<S> Layer<S> for CorsLayer

§

type Service = Cors<S>

The service produced by the layer.
§

fn layer(&self, inner: S) -> <CorsLayer as Layer<S>>::Service

Wrap the given service with the middleware, returning a new service.

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> CloneToUninit for T
where T: Clone,

source§

default unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
§

impl<T> Conv for T

§

fn conv<T>(self) -> T
where Self: Into<T>,

Converts self into T using Into<T>. Read more
§

impl<T> FmtForward for T

§

fn fmt_binary(self) -> FmtBinary<Self>
where Self: Binary,

Causes self to use its Binary implementation when Debug-formatted.
§

fn fmt_display(self) -> FmtDisplay<Self>
where Self: Display,

Causes self to use its Display implementation when Debug-formatted.
§

fn fmt_lower_exp(self) -> FmtLowerExp<Self>
where Self: LowerExp,

Causes self to use its LowerExp implementation when Debug-formatted.
§

fn fmt_lower_hex(self) -> FmtLowerHex<Self>
where Self: LowerHex,

Causes self to use its LowerHex implementation when Debug-formatted.
§

fn fmt_octal(self) -> FmtOctal<Self>
where Self: Octal,

Causes self to use its Octal implementation when Debug-formatted.
§

fn fmt_pointer(self) -> FmtPointer<Self>
where Self: Pointer,

Causes self to use its Pointer implementation when Debug-formatted.
§

fn fmt_upper_exp(self) -> FmtUpperExp<Self>
where Self: UpperExp,

Causes self to use its UpperExp implementation when Debug-formatted.
§

fn fmt_upper_hex(self) -> FmtUpperHex<Self>
where Self: UpperHex,

Causes self to use its UpperHex implementation when Debug-formatted.
§

fn fmt_list(self) -> FmtList<Self>
where &'a Self: for<'a> IntoIterator,

Formats each item in a sequence. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> FutureExt for T

§

fn with_context(self, otel_cx: Context) -> WithContext<Self>

Attaches the provided Context to this type, returning a WithContext wrapper. Read more
§

fn with_current_context(self) -> WithContext<Self>

Attaches the current Context to this type, returning a WithContext wrapper. Read more
§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper. Read more
§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T> Pipe for T
where T: ?Sized,

§

fn pipe<R>(self, func: impl FnOnce(Self) -> R) -> R
where Self: Sized,

Pipes by value. This is generally the method you want to use. Read more
§

fn pipe_ref<'a, R>(&'a self, func: impl FnOnce(&'a Self) -> R) -> R
where R: 'a,

Borrows self and passes that borrow into the pipe function. Read more
§

fn pipe_ref_mut<'a, R>(&'a mut self, func: impl FnOnce(&'a mut Self) -> R) -> R
where R: 'a,

Mutably borrows self and passes that borrow into the pipe function. Read more
§

fn pipe_borrow<'a, B, R>(&'a self, func: impl FnOnce(&'a B) -> R) -> R
where Self: Borrow<B>, B: 'a + ?Sized, R: 'a,

Borrows self, then passes self.borrow() into the pipe function. Read more
§

fn pipe_borrow_mut<'a, B, R>( &'a mut self, func: impl FnOnce(&'a mut B) -> R, ) -> R
where Self: BorrowMut<B>, B: 'a + ?Sized, R: 'a,

Mutably borrows self, then passes self.borrow_mut() into the pipe function. Read more
§

fn pipe_as_ref<'a, U, R>(&'a self, func: impl FnOnce(&'a U) -> R) -> R
where Self: AsRef<U>, U: 'a + ?Sized, R: 'a,

Borrows self, then passes self.as_ref() into the pipe function.
§

fn pipe_as_mut<'a, U, R>(&'a mut self, func: impl FnOnce(&'a mut U) -> R) -> R
where Self: AsMut<U>, U: 'a + ?Sized, R: 'a,

Mutably borrows self, then passes self.as_mut() into the pipe function.
§

fn pipe_deref<'a, T, R>(&'a self, func: impl FnOnce(&'a T) -> R) -> R
where Self: Deref<Target = T>, T: 'a + ?Sized, R: 'a,

Borrows self, then passes self.deref() into the pipe function.
§

fn pipe_deref_mut<'a, T, R>( &'a mut self, func: impl FnOnce(&'a mut T) -> R, ) -> R
where Self: DerefMut<Target = T> + Deref, T: 'a + ?Sized, R: 'a,

Mutably borrows self, then passes self.deref_mut() into the pipe function.
§

impl<T> PolicyExt for T
where T: ?Sized,

§

fn and<S, P, B, E>(self, other: P) -> And<T, P>
where T: Policy<S, B, E>, P: Policy<S, B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
§

fn or<S, P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<S, B, E>, P: Policy<S, B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
source§

impl<T> Same for T

§

type Output = T

Should always be Self
§

impl<T> Tap for T

§

fn tap(self, func: impl FnOnce(&Self)) -> Self

Immutable access to a value. Read more
§

fn tap_mut(self, func: impl FnOnce(&mut Self)) -> Self

Mutable access to a value. Read more
§

fn tap_borrow<B>(self, func: impl FnOnce(&B)) -> Self
where Self: Borrow<B>, B: ?Sized,

Immutable access to the Borrow<B> of a value. Read more
§

fn tap_borrow_mut<B>(self, func: impl FnOnce(&mut B)) -> Self
where Self: BorrowMut<B>, B: ?Sized,

Mutable access to the BorrowMut<B> of a value. Read more
§

fn tap_ref<R>(self, func: impl FnOnce(&R)) -> Self
where Self: AsRef<R>, R: ?Sized,

Immutable access to the AsRef<R> view of a value. Read more
§

fn tap_ref_mut<R>(self, func: impl FnOnce(&mut R)) -> Self
where Self: AsMut<R>, R: ?Sized,

Mutable access to the AsMut<R> view of a value. Read more
§

fn tap_deref<T>(self, func: impl FnOnce(&T)) -> Self
where Self: Deref<Target = T>, T: ?Sized,

Immutable access to the Deref::Target of a value. Read more
§

fn tap_deref_mut<T>(self, func: impl FnOnce(&mut T)) -> Self
where Self: DerefMut<Target = T> + Deref, T: ?Sized,

Mutable access to the Deref::Target of a value. Read more
§

fn tap_dbg(self, func: impl FnOnce(&Self)) -> Self

Calls .tap() only in debug builds, and is erased in release builds.
§

fn tap_mut_dbg(self, func: impl FnOnce(&mut Self)) -> Self

Calls .tap_mut() only in debug builds, and is erased in release builds.
§

fn tap_borrow_dbg<B>(self, func: impl FnOnce(&B)) -> Self
where Self: Borrow<B>, B: ?Sized,

Calls .tap_borrow() only in debug builds, and is erased in release builds.
§

fn tap_borrow_mut_dbg<B>(self, func: impl FnOnce(&mut B)) -> Self
where Self: BorrowMut<B>, B: ?Sized,

Calls .tap_borrow_mut() only in debug builds, and is erased in release builds.
§

fn tap_ref_dbg<R>(self, func: impl FnOnce(&R)) -> Self
where Self: AsRef<R>, R: ?Sized,

Calls .tap_ref() only in debug builds, and is erased in release builds.
§

fn tap_ref_mut_dbg<R>(self, func: impl FnOnce(&mut R)) -> Self
where Self: AsMut<R>, R: ?Sized,

Calls .tap_ref_mut() only in debug builds, and is erased in release builds.
§

fn tap_deref_dbg<T>(self, func: impl FnOnce(&T)) -> Self
where Self: Deref<Target = T>, T: ?Sized,

Calls .tap_deref() only in debug builds, and is erased in release builds.
§

fn tap_deref_mut_dbg<T>(self, func: impl FnOnce(&mut T)) -> Self
where Self: DerefMut<Target = T> + Deref, T: ?Sized,

Calls .tap_deref_mut() only in debug builds, and is erased in release builds.
source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
§

impl<T> TryConv for T

§

fn try_conv<T>(self) -> Result<T, Self::Error>
where Self: TryInto<T>,

Attempts to convert self into T using TryInto<T>. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

§

impl<T> WithSubscriber for T

§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper. Read more