Comments (6)
adimarco
commented on May 23, 2024
This seems to be due to the lack of an "Origin" header in my curl request. When I set an Origin header it works.
According to Mozilla, the "Origin" header can be blank - https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Origin though it appears that's not currently supported as rocket_cors is written. (I tried the curl with an -H "Origin: " to send it the empty string)
from rocket_cors.
lawliet89
commented on May 23, 2024
The header can be blank, but there is no value in handling a blank origin.
Your browser will always send the Origin header when making a request to
something from a different origin. Tools like curl do not have this
behaviour and your routes will work just fine without the header.
See https://www.w3.org/TR/cors/#resource-processing-model
from rocket_cors.
lawliet89
commented on May 23, 2024
You can test with the following example:
#![feature(plugin)]
#![plugin(rocket_codegen)]
extern crate rocket;
extern crate rocket_cors;
use rocket::http::Method;
use rocket_cors::{AllowedOrigins, AllowedHeaders};
#[get("/")]
fn get<'a>() -> &'a str {
"Hello CORS"
}
#[put("/")]
fn put<'a>() -> &'a str {
"Hello CORS"
}
#[post("/")]
fn post<'a>() -> &'a str {
"Hello CORS"
}
#[delete("/")]
fn delete<'a>() -> &'a str {
"Hello CORS"
}
fn main() {
let (allowed_origins, failed_origins) = AllowedOrigins::some(&["http://www.test-cors.org"]);
assert!(failed_origins.is_empty());
// You can also deserialize this
let options = rocket_cors::Cors {
allowed_origins: allowed_origins,
allowed_methods: vec![Method::Get, Method::Put, Method::Post, Method::Delete]
.into_iter()
.map(From::from)
.collect(),
allowed_headers: AllowedHeaders::some(&["Authorization", "Accept"]),
allow_credentials: true,
..Default::default()
};
rocket::ignite()
.mount("/", routes![get, put, post, delete])
.attach(options)
.launch();
}From the test-cors.org website. For example, to test PUT:
Running `target/debug/examples/test-cors`
🔧 Configured for development.
=> address: localhost
=> port: 8000
=> log: normal
=> workers: 8
=> secret key: generated
=> limits: forms = 32KiB
=> tls: disabled
🛰 Mounting '/':
=> GET /
=> PUT /
=> POST /
=> DELETE /
🛰 Mounting '/cors':
=> GET /cors/<status>
📡 Fairings:
=> 0 launch:
=> 1 request: CORS
=> 1 response: CORS
🚀 Rocket has launched from http://localhost:8000
OPTIONS /:
=> Error: No matching routes for OPTIONS /.
=> Warning: Responding with 404 Not Found catcher.
=> CORS Fairing: Turned missing route OPTIONS / into an OPTIONS pre-flight request
=> Response succeeded.
PUT /:
=> Matched: PUT /
=> Outcome: Success
=> Response succeeded.
from rocket_cors.
lawliet89
commented on May 23, 2024
@adimarco: I am assuming that you have no further issue with this. Please reopen or raise a new issue if something new arises.
from rocket_cors.
Arignir
commented on May 23, 2024
I got brained by this issue the first time I tried rocket_cors, and adimarco and I probably aren't the only one. Took me quite a lot of googling to find out the missing Origin was the key.
Handling no/default Origin would be great to make rocket_cors easier to understand, and help them understand they aren't doing anything wrong when they try the crate for the first time.
from rocket_cors.
lawliet89
commented on May 23, 2024
Do you mean you would like the crate to inject the CORS response headers even when the browser does not include any CORS related request headers?
from rocket_cors.
Related Issues (20)
- Building on `stable` results in error HOT 5
- Rocket Cors & Headers HOT 1
- Fairing CORS fails preflight check HOT 1
- Build error with latest async-trait HOT 3
- No CORS headers (even running example) HOT 1
- Build error on Rust 1.33.0-nightly. HOT 2
- Upload Documentation to Github Pages using Github Actions HOT 6
- Add a builder pattern to CorsOptions HOT 2
- Hide Error: No matching routes for OPTIONS HOT 3
- `log` is ambiguous HOT 7
- Fairing working in local but not in remote server HOT 1
- Support for Rocket async branch HOT 4
- Cors Partially working HOT 4
- Support configuration from Rocket.toml HOT 2
- Define MSRV when Rocket 0.5 is released HOT 1
- Switch back Rocket dependency to crates.io when 0.5 is released HOT 5
- CORS gives an error when booting with the default settings and accessing with axios. HOT 2
- Compile on stable rust HOT 1
- Fixed Manuel Issue HOT 1
- the trait `Fairing` is not implemented for `Cors` HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rocket_cors.