Rust actix-web框架跨域请求配置
在做Web服务时使用的是与主站配置的是fb.net, 另外个成员列表服务是m1.fb.net,这会造成一个跨域问题。在浏览器下使用XML Http Request或者fetch发出一个HTTP请求,假如这个HTTP的协议、主机名或者端口任意一个与当前网页地址有不一致时,为了安全浏览器会限制响应结果,通常这类问题就是所谓的跨域问题。
可以参考:https://segmentfault.com/a/1190000012550346
https://developer.mozilla.org/zh-CN/docs/Web/HTTP/CORS
解决跨域问题的方式有很多,比如jsonp,iframe等等。但在这里,我使用HTTP协议里约定的字段来解决这个问题,这也是最干净完美的解决方案。为了处理有跨域请求的特殊场景,HTTP协议里有一个特殊的响应头字段Access-Control-Allow-Origin,意思允许访问的Origin,值可以是通配符*,允许所有,或者写上一个具体的Origin值。
在actix-web里, 我们需要配合actix_cors来处理关于跨域请求的配置,以下是一个例子
Cargo.toml
[package]
name = "guser"
version = "1.0.0"
authors = ["Zhiyong "]
edition = "2021"
[dependencies]
actix-rt = "1.0.0"
actix-web = "2.0.0"
actix-cors = "0.2.0"
futures = "0.3"
main.rs
HttpServer::new(move || {
let state = AppState { gs: svc.clone() };
App::new()
.app_data(web::FormConfig::default().limit(1024 * 16))
.data(state)
.wrap(middleware::Compress::new(ContentEncoding::Gzip))
.wrap(Cors::new()
.allowed_origin("https://xxx")
.allowed_origin("http://xxx")
.allowed_origin("https://xxx")
.allowed_origin("http://xxx")
.allowed_origin("http://local.xxx")
.allowed_origin("https://local.xxx")
//.send_wildcard()
.allowed_methods(vec!["GET", "POST", "DELETE", "OPTIONS"])
.allowed_headers(vec!["Access-Control-Allow-Headers",
"Authorization", "authorization", "X-Requested-With",
"Content-Type", "content-type", "Origin", "Client-id",
"user-agent", "User-Agent", "Accept", "Referer","referer",
"Nonce", "signature", "Timestamp","AppKey","x-super-properties",
"X-Super-Properties"])
.max_age(3600)
.finish())
.configure(routes)
})
.keep_alive(KeepAlive::Timeout(90))
//.workers(16)
.bind(http_addr)
.and_then(|server| {
info!("bind server to address {}", http_addr);
Ok(server)
})
.unwrap_or_else(|_err| {
error!("could not bind server to address {}", http_addr);
error!("error : {}", _err.to_string());
exit(-1)
})
.run()
.await
.expect("Could not run server")
测试一下
lizhiyong@lizhiyongdeMacBook-Pro ~ % curl -iv -H 'Origin:https://xxx' http://127.0.0.1:80
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.64.1
> Accept: */*
> Origin:https://xxx
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< content-length: 12
content-length: 12
< vary: Origin
vary: Origin
< content-type: text/plain; charset=utf-8
content-type: text/plain; charset=utf-8
< access-control-allow-origin: https://xxx
access-control-allow-origin: https://xxx
< date: Mon, 26 Apr 2021 08:42:03 GMT
date: Mon, 26 Apr 2021 08:42:03 GMT
<
* Connection #0 to host 127.0.0.1 left intact
Hello world!* Closing connection 0
lizhiyong@lizhiyongdeMacBook-Pro ~ %
如果我们把Origin换成另一个域名,则会报错
lizhiyong@lizhiyongdeMacBook-Pro ~ % curl -iv -H 'Origin: https://www.qttcd.net' http://127.0.0.1:80
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.64.1
> Accept: */*
> Origin: https://www.qttcd.net
>
< HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
< content-length: 42
content-length: 42
< date: Mon, 26 Apr 2021 08:41:22 GMT
date: Mon, 26 Apr 2021 08:41:22 GMT
<
* Connection #0 to host 127.0.0.1 left intact
Origin is not allowed to make this request* Closing connection 0
lizhiyong@lizhiyongdeMacBook-Pro ~ %
400出错了,提示
Origin is not allowed to make this request
不允许的Origin请求,另外http和https视为不同的origin,都需要添加支持。
allowed_origin("http://www.qttc.net")
allowed_origin("https://www.qttc.net")
如果你需要允许所有的Origin,也就是不做限制的话,那么使用*号做通配符
allowed_origin("*")
通常来说不建议这么干,
当然如果有nginx做负载的话,也可以在nginx上部署,此时后端服务可以不用如此实现了,否则可能会出现:
image.png