warp icon indicating copy to clipboard operation
warp copied to clipboard

Published 20 hours ago verified publisher icon seanmonstar

Docs for cors filters are misleading.

Open nicolaiunrein opened this issue 3 years ago • 4 comments

Description In the docs it states:

// If you want to allow any route
use warp::Filter;
let cors = warp::cors()
    .allow_any_origin();

Trying this with a simple websocket server did not work at all. After some research I found that I had to allow methods as well. Coming from actix_web where there is something like Cors::permissive() it was not an easy one to catch. I wish the docs were more like:

use warp::Filter;
let cors = warp::cors()
    .allow_any_origin()
    .allow_any_methods()
    .allow_any_headers()

perhaps it could be useful for development to create a cors filter to allow anything or have methods allow_any_methods and allow_any_headers defined on the filter builder. In any case stating that the current example code allows any route will fool people into believing so.

nicolaiunrein avatar Apr 16 '21 08:04 nicolaiunrein

I'd say that having a helper method in the builder (like allow_all) would ease this a bit (one could also then go back and adjust things)

jalcine avatar Apr 17 '21 01:04 jalcine

yeah we could add a permissive method on the builder that would call:

    .allow_any_origin()
    .allow_any_methods()
    .allow_any_headers()

jxs avatar Jun 01 '21 23:06 jxs

Hey, I wonder if allow_credentials() should also be part of this?

phungleson avatar Jun 13 '21 00:06 phungleson

@phungleson allow_credentials and allow_any_origin cannot coexist tho unless allow_any_origin adds requested origin dynamically rather than using *

ta3pks avatar Jun 18 '21 18:06 ta3pks