snap-cors-1.1.0: Add CORS headers to Snap applications

Safe HaskellNone

Snap.CORS

Contents

Description

Add CORS (cross-origin resource sharing) headers to a Snap application. CORS headers can be added either conditionally or unconditionally to the entire site, or you can apply CORS headers to a single route.

Synopsis

Wrappers

wrapCORS :: Initializer b v ()Source

Apply CORS for every request, unconditionally.

wrapCorswrapCORSWithOptions defaultOptions

wrapCORSWithOptions :: CORSOptions (Handler b v) -> Initializer b v ()Source

Initialize CORS for all requests with specific options.

Applying CORS to a specific response

applyCORS :: MonadSnap m => CORSOptions m -> m ()Source

Apply CORS headers to a specific request. This is useful if you only have a single action that needs CORS headers, and you don't want to pay for conditional checks on every request.

Option Specification

data CORSOptions m Source

Specify the options to use when building CORS headers for a response. Most of these options are Handler actions to allow you to conditionally determine the setting of each header.

Constructors

CORSOptions 

Fields

corsAllowOrigin :: m OriginList

Which origins are allowed to make cross-origin requests.

corsAllowCredentials :: m Bool

Whether or not to allow exposing the response when the omit credentials flag is unset.

corsExposeHeaders :: m (HashSet (CI ByteString))

A list of headers that are exposed to clients. This allows clients to read the values of these headers, if the response includes them.

defaultOptions :: Monad m => CORSOptions mSource

Liberal default options. Specifies that:

  • All origins may make cross-origin requests * allow-credentials is true. * No extra headers beyond simple headers are exposed

All options are determined unconditionally.

Origin lists

data OriginList Source

Used to specify the contents of the Access-Control-Allow-Origin header.

Constructors

Everywhere

Allow any origin to access this resource. Corresponds to Access-Control-Allow-Origin: *

Nowhere

Do not allow cross-origin requests

Origins OriginSet

Allow cross-origin requests from these origins.

data OriginSet Source

A set of origins. RFC 6454 specifies that origins are a scheme, host and port, so the OriginSet wrapper around a HashSet ensures that each URI constists of nothing more than this.

mkOriginSet :: [URI] -> OriginSetSource

origins :: OriginSet -> HashSet HashableURISource

Internals

newtype HashableURI Source

A newtype over URI with a Hashable instance.

Constructors

HashableURI URI 

Instances