How to set up CORS or OPTIONS for Rocket.rs

by

In order for a server to provide an external API it needs to be able to deal with Cross Origin Resource Sharing (CORS). CORS is an HTTP-header based mechanism that allows a server to indicate which origins (domain, protocol, or port) that a browser should permit loading of resources.

You can create a fairing to handle CORS globally for your app. A very permissive version would be as follows, but of course, you’ll have to tailor to your specific application.

Rocket 0.4

use rocket::http::Header;
use rocket::{Request, Response};
use rocket::fairing::{Fairing, Info, Kind};

pub struct CORS;

impl Fairing for CORS {
    fn info(&self) -> Info {
        Info {
            name: "Add CORS headers to responses",
            kind: Kind::Response
        }
    }

    fn on_response(&self, request: &Request, response: &mut Response) {
        response.set_header(Header::new("Access-Control-Allow-Origin", "*"));
        response.set_header(Header::new("Access-Control-Allow-Methods", "POST, GET, PATCH, OPTIONS"));
        response.set_header(Header::new("Access-Control-Allow-Headers", "*"));
        response.set_header(Header::new("Access-Control-Allow-Credentials", "true"));
    }
}

Rocket 0.5

use rocket::http::Header;
use rocket::{Request, Response};
use rocket::fairing::{Fairing, Info, Kind};

pub struct CORS;

#[rocket::async_trait]
impl Fairing for CORS {
    fn info(&self) -> Info {
        Info {
            name: "Add CORS headers to responses",
            kind: Kind::Response
        }
    }

    async fn on_response<'r>(&self, _request: &'r Request<'_>, response: &mut Response<'r>) {
        response.set_header(Header::new("Access-Control-Allow-Origin", "*"));
        response.set_header(Header::new("Access-Control-Allow-Methods", "POST, GET, PATCH, OPTIONS"));
        response.set_header(Header::new("Access-Control-Allow-Headers", "*"));
        response.set_header(Header::new("Access-Control-Allow-Credentials", "true"));
    }
}

You just have to attach the fairing like this:

rocket::ignite().attach(CORS)

Alternatively, you can use the rocket_cors crate.

use rocket::http::Method;
use rocket_cors::{AllowedOrigins, CorsOptions};

let cors = CorsOptions::default()
    .allowed_origins(AllowedOrigins::all())
    .allowed_methods(
        vec![Method::Get, Method::Post, Method::Patch]
            .into_iter()
            .map(From::from)
            .collect(),
    )
    .allow_credentials(true);

rocket::ignite().attach(cors.to_cors().unwrap())

You can learn more about CORS and Access Control headers here

More Related Contents:

  1. How to pass basic auth credentials in API call for a Flutter mobile application?
  2. How to point to localhost:8000 with the Dart http package in Flutter?
  3. How do you add query parameters to a Dart http request?
  4. How do I make an HTTP request from Rust?
  5. How to idiomatically log auth information with middleware
  6. What is the difference between POST and PUT in HTTP?
  7. How long do browsers cache HTTP 301s?
  8. REST HTTP status codes for failed validation or invalid duplicate
  9. How to $http Synchronous call with AngularJS
  10. Correct way to pass multiple values for same parameter name in GET request
  11. What is the difference between HTTP status code 200 (cache) vs status code 304?
  12. HTTP 1.0 vs 1.1
  13. How to set a timeout on a http.request() in Node?
  14. Difference between no-cache and must-revalidate
  15. Correct way of getting Client’s IP Addresses from http.Request
  16. HTTP status code for a partial successful request
  17. How to use angular2 http API for tracking upload/download progress
  18. Why can’t I set a cookie and redirect?
  19. What is the function of the “Vary: Accept” HTTP header?
  20. Doing a HTTP PUT from a browser
  21. angular — accessing data of multiple http calls – how to resolve the promises
  22. Compressing HTTP Post Data sent from browser
  23. How can I navigate between 2 classes, one of them requires passing data? in flutter
  24. Escaping username characters in basic auth URLs
  25. Can I stream a file upload to S3 without a content-length header?
  26. How to evaluate http response codes from bash/shell script?
  27. HTTP status code for temporarily unavailable pages
  28. HTTPS Proxy Server in node.js
  29. Why does Firebug show a “206 Partial Content” response on a video loading request?
  30. What should a Multipart HTTP request with multiple file inputs look like? [duplicate]

Leave a Comment