snap-core-1.0.2.0: Snap: A Haskell Web Framework (core interfaces and types)

Safe HaskellNone
LanguageHaskell2010

Snap.Util.CORS

Contents

Description

Add CORS (cross-origin resource sharing) headers to a Snap application. CORS headers can be added either conditionally or unconditionally to the entire site, or you can apply CORS headers to a single route.

To use in a snaplet, simply use wrapSite:

wrapSite $ applyCORS defaultOptions

Synopsis

Applying CORS to a specific response

applyCORS :: MonadSnap m => CORSOptions m -> m () -> m () Source #

Apply CORS headers to a specific request. This is useful if you only have a single action that needs CORS headers, and you don't want to pay for conditional checks on every request.

You should note that applyCORS needs to be used before you add any method combinators. For example, the following won't do what you want:

method POST $ applyCORS defaultOptions $ myHandler

This fails to work as CORS requires an OPTIONS request in the preflighting stage, but this would get filtered out. Instead, use

applyCORS defaultOptions $ method POST $ myHandler

Option Specification

data CORSOptions m Source #

Specify the options to use when building CORS headers for a response. Most of these options are Handler actions to allow you to conditionally determine the setting of each header.

Constructors

CORSOptions 

Fields

defaultOptions :: Monad m => CORSOptions m Source #

Liberal default options. Specifies that:

  • All origins may make cross-origin requests
  • allow-credentials is true.
  • No extra headers beyond simple headers are exposed.
  • GET, POST, PUT, DELETE and HEAD are all allowed.
  • All request headers are allowed.

All options are determined unconditionally.

Origin lists

data OriginList Source #

Used to specify the contents of the Access-Control-Allow-Origin header.

Constructors

Everywhere

Allow any origin to access this resource. Corresponds to Access-Control-Allow-Origin: *

Nowhere

Do not allow cross-origin requests

Origins OriginSet

Allow cross-origin requests from these origins.

data OriginSet Source #

A set of origins. RFC 6454 specifies that origins are a scheme, host and port, so the OriginSet wrapper around a HashSet ensures that each URI constists of nothing more than this.

Internals