How do I configure actix-web to accept CORS requests from any origin?

Asked 16/12, 2019 at 7:9 Answered 17/6 at 11:30

I am building a REST API with actix-web. How do I configure CORS to accept requests from any origin?

Cors::new() // <- Construct CORS middleware builder
    .allowed_origin("localhost:8081")
    .allowed_methods(vec!["GET", "POST"])
    .allowed_headers(vec![http::header::AUTHORIZATION, http::header::ACCEPT])
    .allowed_header(http::header::CONTENT_TYPE)
    .max_age(3600)

The above code works from the web at localhost:8081, but not from 0.0.0.0:8081 or 127.0.0.1:8081. I tried "*" to allow all, but it's not working. How do I allow all, or at least allow a specific origin and then pass multiple URLs?

Welt answered 16/12, 2019 at 7:9 Comment(0)

By default All origins is allowed

This is my simple CORS setup (allow all origins and methods + allow send credentials)

Cors::new().supports_credentials()

You can start with it, and disallow methods, origins and headers step-by-step.

Maricruzmaridel answered 16/12, 2019 at 7:17 Comment(5)

This is fine where I want to allow all. What if I want allow specifically 3 urls? say, abc.com, abc.uk, abc.org? – Welt 16/12, 2019 at 7:22

chain calls of allowed_origin on each allowed origin – Maricruzmaridel 16/12, 2019 at 7:46

I get error[E0599]: no function or associated item named new found for struct Cors in the current scope – Vargueno 8/3, 2021 at 17:45

@EvanCarroll seems like actix-core was updated - use Cors::default() and checkout actual docs docs.rs/actix-cors/0.5.4/actix_cors/struct.Cors.html – Maricruzmaridel 9/3, 2021 at 8:42

To do the same with the latest version (currently 0.5.4), use Cors::permissive() – Toomey 30/9, 2021 at 21:20

Starting from actix-cors = "0.5.0", you can use:

Cors::permissive()

However, they recommend against using it in production: https://docs.rs/actix-cors/latest/actix_cors/struct.Cors.html#method.permissive

Hedley answered 10/5, 2022 at 15:8 Comment(0)

By default All origins is allowed

This is my simple CORS setup (allow all origins and methods + allow send credentials)

Cors::new().supports_credentials()

You can start with it, and disallow methods, origins and headers step-by-step.

Maricruzmaridel answered 16/12, 2019 at 7:17 Comment(5)

This is fine where I want to allow all. What if I want allow specifically 3 urls? say, abc.com, abc.uk, abc.org? – Welt 16/12, 2019 at 7:22

chain calls of allowed_origin on each allowed origin – Maricruzmaridel 16/12, 2019 at 7:46

I get error[E0599]: no function or associated item named new found for struct Cors in the current scope – Vargueno 8/3, 2021 at 17:45

@EvanCarroll seems like actix-core was updated - use Cors::default() and checkout actual docs docs.rs/actix-cors/0.5.4/actix_cors/struct.Cors.html – Maricruzmaridel 9/3, 2021 at 8:42

To do the same with the latest version (currently 0.5.4), use Cors::permissive() – Toomey 30/9, 2021 at 21:20

you can add origins multiple times:

let cors = Cors::default()
            .allowed_origin("http://localhost:3000")
            .allowed_origin("http://localhost:3200")
            .allowed_origin("https://your-origin.com")
            .allowed_origin("https://your-origin2.com")
            .allowed_methods(vec!["GET", "POST", "DELETE", "PUT"])
            .allowed_headers(vec![http::header::AUTHORIZATION, http::header::ACCEPT,http::header::CONTENT_TYPE])
            .max_age(3600);

Locomotive answered 17/6 at 11:30 Comment(0)

Recommended topics

Hot tags