Safe Haskell | Safe-Inferred |
---|---|
Language | Haskell2010 |
Add CORS (cross-origin resource sharing) headers to a Snap application. CORS headers can be added either conditionally or unconditionally to the entire site, or you can apply CORS headers to a single route.
To use in a snaplet, simply use wrapSite
:
wrapSite $ applyCORS defaultOptions
Synopsis
- applyCORS :: MonadSnap m => CORSOptions m -> m () -> m ()
- data CORSOptions m = CORSOptions {
- corsAllowOrigin :: m OriginList
- corsAllowCredentials :: m Bool
- corsExposeHeaders :: m (HashSet (CI ByteString))
- corsAllowedMethods :: m (HashSet HashableMethod)
- corsAllowedHeaders :: HashSet ByteString -> m (HashSet ByteString)
- defaultOptions :: Monad m => CORSOptions m
- data OriginList
- data OriginSet
- mkOriginSet :: [URI] -> OriginSet
- origins :: OriginSet -> HashSet HashableURI
- newtype HashableURI = HashableURI URI
- newtype HashableMethod = HashableMethod Method
Applying CORS to a specific response
applyCORS :: MonadSnap m => CORSOptions m -> m () -> m () Source #
Apply CORS headers to a specific request. This is useful if you only have a single action that needs CORS headers, and you don't want to pay for conditional checks on every request.
You should note that applyCORS
needs to be used before you add any
method
combinators. For example, the following won't do what you want:
method POST $ applyCORS defaultOptions $ myHandler
This fails to work as CORS requires an OPTIONS
request in the preflighting
stage, but this would get filtered out. Instead, use
applyCORS defaultOptions $ method POST $ myHandler
Option Specification
data CORSOptions m Source #
Specify the options to use when building CORS headers for a response. Most
of these options are Handler
actions to allow you to conditionally
determine the setting of each header.
CORSOptions | |
|
defaultOptions :: Monad m => CORSOptions m Source #
Liberal default options. Specifies that:
- All origins may make cross-origin requests
allow-credentials
is true.- No extra headers beyond simple headers are exposed.
GET
,POST
,PUT
,DELETE
andHEAD
are all allowed.- All request headers are allowed.
All options are determined unconditionally.
Origin lists
data OriginList Source #
Used to specify the contents of the Access-Control-Allow-Origin
header.
Everywhere | Allow any origin to access this resource. Corresponds to
|
Nowhere | Do not allow cross-origin requests |
Origins OriginSet | Allow cross-origin requests from these origins. |
mkOriginSet :: [URI] -> OriginSet Source #
Internals
newtype HashableURI Source #
Instances
Show HashableURI Source # | |
Defined in Snap.Util.CORS showsPrec :: Int -> HashableURI -> ShowS # show :: HashableURI -> String # showList :: [HashableURI] -> ShowS # | |
Eq HashableURI Source # | |
Defined in Snap.Util.CORS (==) :: HashableURI -> HashableURI -> Bool # (/=) :: HashableURI -> HashableURI -> Bool # | |
Hashable HashableURI Source # | |
Defined in Snap.Util.CORS hashWithSalt :: Int -> HashableURI -> Int # hash :: HashableURI -> Int # |
newtype HashableMethod Source #
Instances
Show HashableMethod Source # | |
Defined in Snap.Util.CORS showsPrec :: Int -> HashableMethod -> ShowS # show :: HashableMethod -> String # showList :: [HashableMethod] -> ShowS # | |
Eq HashableMethod Source # | |
Defined in Snap.Util.CORS (==) :: HashableMethod -> HashableMethod -> Bool # (/=) :: HashableMethod -> HashableMethod -> Bool # | |
Hashable HashableMethod Source # | |
Defined in Snap.Util.CORS hashWithSalt :: Int -> HashableMethod -> Int # hash :: HashableMethod -> Int # |