CORS Example

[shnads]

Hello,
I'm really enjoying using Poem, but I've got to the point with my project that I need CORS and I can't figure out how it works? Is there an example somewhere for using the CORS middleware?

I'm doing it like this:

.with( Cors::new() .allow_origin("http://localhost:3000") .allow_method(Method::POST), );

But only the last call seems to take effect?

[sunli829]

origin should only contain the domain name.

.with( Cors::new() .allow_origin("localhost") .allow_method(Method::POST))

[shnads]

Thanks for the response, if I use that code I don't get any access control headers at all?

[sunli829]

Are you using the v0.7.0 version?

[shnads]

No, 0.6.10. I'll try to upgrade.

[shnads]

Same result with 0.7.1.

This is my code:

let app = route() .at( "/graphql", get(graphql_playground) .post(graphql_handler) .options(graphql_handler), ) .at("/join", post(join_handler)) .at("/activity", get(activity_handler)) .with(AddData::new(db_pool)) .with( Cors::new() .allow_origin("localhost") .allow_method(Method::POST) .allow_method(Method::OPTIONS), );

This is the response headers:

[shnads]

If I use:

.with( Cors::new() .allow_origin("*") .allow_method(Method::POST) .allow_method(Method::GET) .allow_method(Method::OPTIONS), );

It works! But I've tried "localhost", "localhost:3000" and "http://localhost:3000" and none of those work.

[shnads]

Alright, it's some weird Firefox only behaviour! If I set allow_origin to "http://localhost:3000" and open the test page in Chrome it works?!

Either way, nothing to do with Poem. Sorry to waste your time.

[sunli829]

Haha, thank you for helping me test. 😁

[sunli829]

I'm very sorry, I found a bug, I will fix it and release a new version. @shnads

[sunli829]

Fixed in v0.7.2 😁

[shnads]

@sunli829 Thanks you're awesome! I ported across a fairly large project from Actix to Poem in an afternoon and it was completely painless. Love your work.

[happysalada]

Hey, sorry to bother, it seems I am running into a cors issue again.
I have a minimal reproducing repo here https://github.com/happysalada/banking-prototype/blob/master/backend/src/main.rs#L87
Here is the code for reference

let schema = Schema::build(Query, Mutation, EmptySubscription)
        .data(pool)
        .finish();
    let cors =
        Cors::new()
            .allow_origin("*")
            .allow_methods([Method::POST, Method::GET, Method::OPTIONS]);

    let app = Route::new()
        .at(
            "/graphql",
            get(graphql_playground)
                .options(graphql_handler)
                .post(graphql_handler),
        )
        .data(schema)
        .with(cors);

Just for reference, adding the with(cors) breaks the graphql playground.
I am making a webapp where I really need cors though.

Thank you for the amazing framework!

(just in case, I verified that I was on the latest version 1.0.28, let me know if anything of course)

[sunli829]

The allow_origin method does not support wildcards. When the Cors middleware is created, any origins are allowed by default.

 let cors =
        Cors::new()
            .allow_methods([Method::POST, Method::GET, Method::OPTIONS]);

[happysalada]

I worked like a charm ❤️ Thanks a lot!