I am building a REST API with actix-web. How do I configure CORS to accept requests from any origin?
Cors::new() // <- Construct CORS middleware builder
.allowed_origin("localhost:8081")
.allowed_methods(vec!["GET", "POST"])
.allowed_headers(vec![http::header::AUTHORIZATION, http::header::ACCEPT])
.allowed_header(http::header::CONTENT_TYPE)
.max_age(3600)
The above code works from the web at localhost:8081
, but not from 0.0.0.0:8081
or 127.0.0.1:8081
. I tried "*"
to allow all, but it's not working. How do I allow all, or at least allow a specific origin and then pass multiple URLs?
By default All
origins is allowed
This is my simple CORS setup (allow all origins and methods + allow send credentials)
Cors::new().supports_credentials()
You can start with it, and disallow methods, origins and headers step-by-step.
Starting from actix-cors = "0.5.0"
, you can use:
Cors::permissive()
However, they recommend against using it in production: https://docs.rs/actix-cors/latest/actix_cors/struct.Cors.html#method.permissive
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With