#security #cross-origin #cors #web #actix

actix-cors

Cross-Origin Resource Sharing (CORS) controls for Actix Web

30 releases

0.7.1 Mar 11, 2025
0.7.0 Jan 6, 2024
0.6.5 Dec 6, 2023
0.6.4 Oct 28, 2022
0.1.0 Jun 15, 2019

#3 in HTTP server

Download history (chart): weekly downloads, 2025-01-13 through 2025-04-28

436,921 downloads per month
Used in 183 crates (137 directly)

MIT/Apache

60KB
1K SLoC

This middleware can be applied to both applications and resources. Once built, a Cors builder can be used as an argument for Actix Web's App::wrap(), Scope::wrap(), or Resource::wrap() methods.

This CORS middleware automatically handles OPTIONS preflight requests.

Crate Features

  • draft-private-network-access: ⚠️ Unstable. Adds opt-in support for the Private Network Access spec extensions. This feature is unstable since it will follow breaking changes in the draft spec until it is finalized.

Example

use actix_cors::Cors;
use actix_web::{get, http, App, HttpRequest, HttpServer};

#[get("/index.html")]
async fn index(_req: HttpRequest) -> &'static str {
    "<p>Hello World!</p>"
}

#[actix_web::main]
async fn main() -> std::io::Result<()> {
    HttpServer::new(|| {
        let cors = Cors::default()
            // Exact-match origin.
            .allowed_origin("https://www.rust-lang.org")
            // Also allow any origin ending in ".rust-lang.org". This is a byte
            // suffix match on the Origin header; it does not check the scheme.
            .allowed_origin_fn(|origin, _req_head| {
                origin.as_bytes().ends_with(b".rust-lang.org")
            })
            .allowed_methods(vec!["GET", "POST"])
            .allowed_headers(vec![http::header::AUTHORIZATION, http::header::ACCEPT])
            .allowed_header(http::header::CONTENT_TYPE)
            // Browsers may cache the preflight response for one hour.
            .max_age(3600);

        App::new()
            .wrap(cors)
            .service(index)
    })
    .bind(("127.0.0.1", 8080))?
    .run()
    // Return the server's result instead of discarding it.
    .await
}
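The `allowed_origin_fn` closure above decides which origins may read responses, so it is worth testing on its own. The following is an added example, not code from the actix-cors project: it compares the suffix test with a stricter predicate that also requires `https://` and well-formed subdomain labels. The names `suffix_check` and `strict_check`, the no-explicit-port policy, and the sample origins are assumptions made for this illustration.

```rust
// Added example; function names are hypothetical, sample origins are constructed.
const BASE_DOMAIN: &str = "rust-lang.org";

/// The suffix test used in the closure above, applied to a plain string.
fn suffix_check(origin: &str) -> bool {
    origin.as_bytes().ends_with(b".rust-lang.org")
}

/// Accepts only `https://<subdomain>.rust-lang.org` on the default port.
fn strict_check(origin: &str) -> bool {
    // Require a TLS origin; the suffix test never looks at the scheme.
    let Some(host) = origin.strip_prefix("https://") else {
        return false;
    };
    // A serialized origin carries no path, query, fragment or userinfo.
    // Explicit ports are refused as well (a policy choice of this example).
    if host.contains(|c: char| matches!(c, '/' | '?' | '#' | '@' | ':')) {
        return false;
    }
    let host = host.to_ascii_lowercase();
    // Strip the base domain, then the dot that must separate it from the subdomain.
    let Some(sub) = host.strip_suffix(BASE_DOMAIN).and_then(|s| s.strip_suffix('.')) else {
        return false;
    };
    // Every remaining label must be a non-empty run of letters, digits or hyphens.
    sub.split('.')
        .all(|l| !l.is_empty() && l.chars().all(|c| c.is_ascii_alphanumeric() || c == '-'))
}

// Assumed wiring into the builder shown above:
//   .allowed_origin_fn(|origin, _req_head| origin.to_str().map_or(false, strict_check))

fn main() {
    // Constructed sample Origin header values.
    let samples = [
        "https://docs.rust-lang.org",
        "http://docs.rust-lang.org",
        "https://.rust-lang.org",
        "https://rust-lang.org",
        "null",
    ];
    for o in samples {
        println!("{:<30} suffix={:<5} strict={}", o, suffix_check(o), strict_check(o));
    }
}
```

The apex `https://rust-lang.org` is rejected by both predicates; list it with `allowed_origin` if it should be permitted.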

Documentation & Resources

Dependencies

~15–26MB
~438K SLoC