1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
use actix_web::{http::StatusCode, HttpResponse, ResponseError};
use derive_more::{Display, Error};

/// Errors that can occur when processing CORS guarded requests.
#[derive(Debug, Clone, Display, Error)]
#[non_exhaustive]
pub enum CorsError {
    /// Allowed origin argument must not be wildcard (`*`).
    #[display(fmt = "`allowed_origin` argument must not be wildcard (`*`)")]
    WildcardOrigin,

    /// Request header `Origin` is required but was not provided.
    #[display(fmt = "Request header `Origin` is required but was not provided")]
    MissingOrigin,

    /// Request header `Access-Control-Request-Method` is required but is missing.
    #[display(fmt = "Request header `Access-Control-Request-Method` is required but is missing")]
    MissingRequestMethod,

    /// Request header `Access-Control-Request-Method` has an invalid value.
    #[display(fmt = "Request header `Access-Control-Request-Method` has an invalid value")]
    BadRequestMethod,

    /// Request header `Access-Control-Request-Headers` has an invalid value.
    #[display(fmt = "Request header `Access-Control-Request-Headers` has an invalid value")]
    BadRequestHeaders,

    /// Origin is not allowed to make this request.
    #[display(fmt = "Origin is not allowed to make this request")]
    OriginNotAllowed,

    /// Request method is not allowed.
    #[display(fmt = "Requested method is not allowed")]
    MethodNotAllowed,

    /// One or more request headers are not allowed.
    #[display(fmt = "One or more request headers are not allowed")]
    HeadersNotAllowed,
}

impl ResponseError for CorsError {
    fn status_code(&self) -> StatusCode {
        StatusCode::BAD_REQUEST
    }

    fn error_response(&self) -> HttpResponse {
        HttpResponse::with_body(self.status_code(), self.to_string()).map_into_boxed_body()
    }
}