serv-0.1.0.0: Dependently typed API server framework

Safe HaskellNone
LanguageHaskell2010

Serv.Internal.Cors

Synopsis

Documentation

type Policy = Config -> Context -> AccessSet Source #

A CorsPolicy interprets the request's provided Origin and the current routing context to determine how to expose resources to the requestor.

class CorsPolicy m where Source #

Class describing types which describe CORS Policys.

Minimal complete definition

corsPolicy

Methods

corsPolicy :: Proxy m -> Policy Source #

Instances

data PermitAll Source #

The PermitAll policy produces the permitAll Policy.

Instances

headerSet :: Bool -> Context -> AccessSet -> [Header] Source #

data Context Source #

The CorsContext provides data from which we can make choices about how to respond to CORS requests.

Constructors

Context 

Fields

mergeContext :: Context -> Context -> Context Source #

data AccessSet Source #

Descrbes what parts of the response should be made available cross-origin. The Monoid product on AccessSets permits all accesses of either of the constituents.

Constructors

AccessSet 

Fields

Instances

Monoid AccessSet Source #

The empty access set disallows all CORS access while the product l <> r provides access to a particular part of the response if either l or r does.

permitAll :: Policy Source #

The most permissive CORS Policy possible. Differs from Wildcard in that it allows credentials. Max age is not provided (so no caching)

wildcard :: Policy Source #

Effects a wildcard policy which provides maximal cross-origin access to all request origins. This disallows credentials use, however.

predicateWhitelist :: (Text -> Bool) -> Policy Source #

Provides access to all origins which pass a predicate