index : static-web-server.git

ascending towards madness

author Jose Quintana <joseluisquintana20@gmail.com> 2022-03-10 22:03:53.0 +00:00:00
committer Jose Quintana <joseluisquintana20@gmail.com> 2022-03-10 22:03:53.0 +00:00:00
commit 
781ba91a76eea3b20873014203074dbcc683d31a [patch]
tree 
0cc43cecf7745d8aa97684585f786cf60eab0d11
parent 
dc8bc4ddc6c8006cd3d4893e56293a5376d5d518
download 
781ba91a76eea3b20873014203074dbcc683d31a.tar.gz

docs: cors allowed headers [skip ci]




Diff


 docs/content/configuration/environment-variables.md |  3 +++
 docs/content/features/cors.md                       | 20 ++++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/docs/content/configuration/environment-variables.md b/docs/content/configuration/environment-variables.md
index 383eb41..043a18d 100644
--- a/docs/content/configuration/environment-variables.md
+++ b/docs/content/configuration/environment-variables.md
@@ -45,6 +45,9 @@ Specify the file path to read the private key. Default empty (disabled).
### SERVER_CORS_ALLOW_ORIGINS
Specify a optional CORS list of allowed origin hosts separated by comas. Host ports or protocols aren't being checked. Use an asterisk (*) to allow any host. Default empty (disabled).

### SERVER_CORS_ALLOW_HEADERS
Specify an optional CORS list of allowed HTTP headers separated by comas. It requires `SERVER_CORS_ALLOW_ORIGINS` to be used along with. Default `origin, content-type`.

### SERVER_COMPRESSION
`Gzip`, `Deflate` or `Brotli` compression on demand determined by the `Accept-Encoding` header and applied to text-based web file types only. See [ad-hoc mime-type list](https://github.com/joseluisq/static-web-server/blob/master/src/compression.rs#L20). Default `true` (enabled).

diff --git a/docs/content/features/cors.md b/docs/content/features/cors.md
index 787bfcd..07a8564 100644
--- a/docs/content/features/cors.md
+++ b/docs/content/features/cors.md
@@ -18,3 +18,23 @@ static-web-server \
    # Or use an asterisk to allow any host
    # --cors-allow-origins "*"
```

## Allowed headers

The server also supports a list of [CORS allowed headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers) separated by comas.

This feature depends on `--cors-allow-origins` to be used along with this feature. It can be controlled by the string `-j, --cors-allow-headers` option or the equivalent [SERVER_CORS_ALLOW_HEADERS](./../configuration/environment-variables.md#server_cors_allow_headers) env.

!!! info "Tips"
    - The default allowed headers value is `origin, content-type`.
    - The server also supports [preflight requests](https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request) via the `OPTIONS` method. See [Preflighted requests in CORS](./../http-methods/#preflighted-requests-in-cors).

Below an example of how to  CORS.

```sh
static-web-server \
    --port 8787 \
    --root ./my-public-dir \
    --cors-allow-origins "https://domain.com"
    --cors-allow-headers "origin, content-type, x-requested-with"
```