forked from paritytech/jsonrpc
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow customising access control allow headers (paritytech#305)
* Fix typo * Refactor CorsHeader to AllowOrigin * Support Access-Control-Request-Headers in http-server This commit adds the capability to customise the header fields which are allowed. A CORS preflight request uses the `Access-Control-Request-Headers` header to inquire about header fields which are allowed to be used. The response is either `403 Forbidden` or `200 OK` with the header `Access-Control-Allow-Headers` and the list of fields which were supplied in the `Access-Control-Request-Headers`. This list is not necessarily a complete list of all allowed fields. Rather certain fields are always allowed and don't need to be listed. Also `Access-Control-Request-Headers` might not contain header fields which would in fact be allowed to send; these fields are currently not exposed -- only fields which were in `Access-Control-Request-Headers` are containted in the responding `Access-Control-Allow-Headers`. The API can be used with two enums: `cors_allow_headers(AccessControlAllowHeaders::Only(Vec))` `cors_allow_headers(AccessControlAllowHeaders::Any)` The default is `Any`, as to not break the existing behavior. If `Only` is chosen there will still be some default headers which are always allowed (`Content-Type`, etc.). * (cache always allowed headers and use HashSet for them) * (get rid of Deref import) * (do not expose Ascii) * (convert Vector to HashSet for allowed headers set by user) * (change to non-owned str to prevent copying the header when testing containment)
- Loading branch information
1 parent
502313a
commit 8903a0c
Showing
12 changed files
with
744 additions
and
89 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.