headers/common/
access_control_allow_credentials.rs

1use http::{HeaderName, HeaderValue};
2
3use crate::{Error, Header};
4
5/// `Access-Control-Allow-Credentials` header, part of
6/// [CORS](http://www.w3.org/TR/cors/#access-control-allow-headers-response-header)
7///
8/// > The Access-Control-Allow-Credentials HTTP response header indicates whether the
9/// > response to request can be exposed when the credentials flag is true. When part
10/// > of the response to an preflight request it indicates that the actual request can
11/// > be made with credentials. The Access-Control-Allow-Credentials HTTP header must
12/// > match the following ABNF:
13///
14/// # ABNF
15///
16/// ```text
17/// Access-Control-Allow-Credentials: "Access-Control-Allow-Credentials" ":" "true"
18/// ```
19///
20/// Since there is only one acceptable field value, the header struct does not accept
21/// any values at all. Setting an empty `AccessControlAllowCredentials` header is
22/// sufficient. See the examples below.
23///
24/// # Example values
25/// * "true"
26///
27/// # Examples
28///
29/// ```
30/// use headers::AccessControlAllowCredentials;
31///
32/// let allow_creds = AccessControlAllowCredentials;
33/// ```
34#[derive(Clone, PartialEq, Eq, Debug)]
35pub struct AccessControlAllowCredentials;
36
37impl Header for AccessControlAllowCredentials {
38    fn name() -> &'static HeaderName {
39        &::http::header::ACCESS_CONTROL_ALLOW_CREDENTIALS
40    }
41
42    fn decode<'i, I: Iterator<Item = &'i HeaderValue>>(values: &mut I) -> Result<Self, Error> {
43        values
44            .next()
45            .and_then(|value| {
46                if value == "true" {
47                    Some(AccessControlAllowCredentials)
48                } else {
49                    None
50                }
51            })
52            .ok_or_else(Error::invalid)
53    }
54
55    fn encode<E: Extend<HeaderValue>>(&self, values: &mut E) {
56        values.extend(::std::iter::once(HeaderValue::from_static("true")));
57    }
58}
59
60#[cfg(test)]
61mod tests {
62    use super::super::test_decode;
63    use super::*;
64
65    #[test]
66    fn allow_credentials_is_case_sensitive() {
67        let allow_header = test_decode::<AccessControlAllowCredentials>(&["true"]);
68        assert!(allow_header.is_some());
69
70        let allow_header = test_decode::<AccessControlAllowCredentials>(&["True"]);
71        assert!(allow_header.is_none());
72    }
73}