Actix-web Cors with custom header : I can get the header
⚓ Rust 📅 2025-09-25 👤 surdeus 👁️ 10
Hi,
I am working on a backend where I have to make a response with a pdf and a report.
I send the pdf in the body and I put the report in the header like this :
    // PDF bytes go in the body, the JSON report in a custom response header
    HttpResponse::Ok()
        .append_header(("REPORT", json))
        .content_type("application/pdf")
        .body(pdf)
This works well. But my teammate can access my report header.
So we think we have to change Cors data in actix-web to make this header exposed.
Access-Control-Expose-Headers: report
So after reading the actix-cors documentation, I was thinking of using this function.
But I realize that I was already using a very permissive Cors :
    let server = HttpServer::new(move || {
        let cors = actix_cors::Cors::permissive().allow_any_header();
        App::new()
            .wrap(cors)
...
Actually, this is not working for my teammates so I wonder how we can add Access-Control-Expose-Headers: report with actix-web ?
By the way, I test with Postman, and I have the report and date (date is not mine, it is there by default) in the header :
But, in our front, my teammate cannot get the report and date value.
And on my local computer, I can get the report, but not the date value...
On my computer, I have the Access-Control-Expose-Headers value that is defined :
I have date in header, but not in Access-Control-Expose-Headers.
For my teammates, there is no Access-Control-Expose-Headers value at all in the response.
So how can we get the report and date in our front ? Is the problem not from Access-Control-Expose-Headers ?
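
As background to the question above, an added example (not part of the original post, and not actix-web code) that models the filter a browser applies before a cross-origin `fetch()` response's headers reach script. The function name `readableHeaders` and the sample header values are constructed for illustration.

```javascript
// Added example: which response headers can front-end script read on a
// cross-origin response? Sample responses below are constructed.

// CORS-safelisted response header names (Fetch standard): always readable.
const SAFELISTED = new Set([
  "cache-control", "content-language", "content-length",
  "content-type", "expires", "last-modified", "pragma",
]);
// Forbidden response header names: never readable from script.
const FORBIDDEN = new Set(["set-cookie", "set-cookie2"]);

// Returns the sorted, lower-cased header names that script can read.
// `withCredentials` mirrors fetch's credentials: "include", in which
// case "*" is a literal header name instead of a wildcard.
function readableHeaders(headers, withCredentials = false) {
  const lower = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const exposed = new Set(
    (lower["access-control-expose-headers"] || "")
      .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean));
  const wildcard = exposed.has("*") && !withCredentials;
  return Object.keys(lower)
    .filter((name) => !FORBIDDEN.has(name))
    .filter((name) => SAFELISTED.has(name) || wildcard || exposed.has(name))
    .sort();
}

// Constructed response resembling the one in the post.
const base = {
  "Content-Type": "application/pdf",
  "Date": "Thu, 25 Sep 2025 10:00:00 GMT",
  "REPORT": "{\"pages\":3}",
};
const withExpose = (value) =>
  ({ ...base, "Access-Control-Expose-Headers": value });

// No expose header at all: only safelisted names survive.
console.log(readableHeaders(base));
// "report" exposed: report is readable, date still is not.
console.log(readableHeaders(withExpose("report")));
// Both listed: both readable.
console.log(readableHeaders(withExpose("report, date")));
// "*" exposes everything only when the request carries no credentials.
console.log(readableHeaders(withExpose("*"), true));
```

Postman is not a browser and applies no such filter, so it shows every header the server sent. In actix-cors, the `Cors` builder's `expose_headers` method is what sets `Access-Control-Expose-Headers` on the response.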


