Skip to content

Document recommended CORS config in a server environment #359

New issue
New issue
Open
Open
Document recommended CORS config in a server environment#359
Labels
A-corsProject: actix-corsC-documentationImprovements or additions to documentation
@nyurik

Description

@nyurik
nyurik
opened on Oct 28, 2023

Most Actix-using services provide some user configuration via .yaml files or CLI parameters. CORS is a common feature that would require to be configurable by the end user. Yet, the current CORS crate API is somewhat complex when it comes to translating end-user provided configuration into API calls.

I think it will be of great help for developers to suggest some ways of specifying CORS values via configuration and translating them to API calls. Note that this is different than the dynamic configuration via allowed_origin_fn or similar.

Configuration Examples

Origins

cors-origins: *
cors-origins: example.com
cors-origins: [ example.com, example.org ]
let origins: String = config.cors_origins;
// FIXME: this won't work because it has to handle "*" differently?
Cors::default().allowed_origin(origins);

Methods

cors-methods: *
cors-methods: GET
cors-methods: [ GET, POST ]
// TODO: Rust example

Headers

cors-headers: *
cors-headers: AUTHORIZATION
cors-headers: [ AUTHORIZATION, ACCEPT ]
// TODO: Rust example

Metadata

Metadata

Assignees

No one assigned

    Labels

    A-corsProject: actix-corsC-documentationImprovements or additions to documentation

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions