More detailed error messages and moved away from deprecated error::Error::description (#54)

* Replaced deprecated error::Error description with Display

* Make OriginNotAllowed and MethodNotAllowed error messages more useful
This commit is contained in:
Johan Bjäreholt 2018-12-12 22:53:44 +01:00 committed by Yong Wen Chua
parent d880c2a111
commit c4e4b7d585
1 changed files with 31 additions and 38 deletions

View File

@ -598,9 +598,9 @@ pub enum Error {
/// The request header `Access-Control-Request-Headers` is required but is missing.
MissingRequestHeaders,
/// Origin is not allowed to make this request
OriginNotAllowed,
OriginNotAllowed(String),
/// Requested method is not allowed
MethodNotAllowed,
MethodNotAllowed(String),
/// One or more headers requested are not allowed
HeadersNotAllowed,
/// Credentials are allowed, but the Origin is set to "*". This is not allowed by W3C
@ -620,8 +620,8 @@ impl Error {
fn status(&self) -> Status {
match *self {
Error::MissingOrigin
| Error::OriginNotAllowed
| Error::MethodNotAllowed
| Error::OriginNotAllowed(_)
| Error::MethodNotAllowed(_)
| Error::HeadersNotAllowed => Status::Forbidden,
Error::CredentialsWithWildcardOrigin
| Error::MissingCorsInRocketState
@ -631,39 +631,41 @@ impl Error {
}
}
impl error::Error for Error {
fn description(&self) -> &str {
match *self {
Error::MissingOrigin => "The request header `Origin` is required but is missing",
Error::BadOrigin(_) => "The request header `Origin` contains an invalid URL",
Error::MissingRequestMethod => {
impl fmt::Display for Error {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
match self {
Error::MissingOrigin => write!(f, "The request header `Origin` is required but is missing"),
Error::BadOrigin(_) => write!(f, "The request header `Origin` contains an invalid URL"),
Error::MissingRequestMethod => { write!(f,
"The request header `Access-Control-Request-Method` \
is required but is missing"
is required but is missing")
}
Error::BadRequestMethod => {
"The request header `Access-Control-Request-Method` has an invalid value"
Error::BadRequestMethod => { write!(f,
"The request header `Access-Control-Request-Method` has an invalid value")
}
Error::MissingRequestHeaders => {
Error::MissingRequestHeaders => { write!(f,
"The request header `Access-Control-Request-Headers` \
is required but is missing"
is required but is missing")
}
Error::OriginNotAllowed => "Origin is not allowed to request",
Error::MethodNotAllowed => "Method is not allowed",
Error::HeadersNotAllowed => "Headers are not allowed",
Error::CredentialsWithWildcardOrigin => {
Error::OriginNotAllowed(origin) => write!(f, "Origin '{}' is not allowed to request", &origin),
Error::MethodNotAllowed(method) => write!(f, "Method '{}' is not allowed", &method),
Error::HeadersNotAllowed => write!(f, "Headers are not allowed"),
Error::CredentialsWithWildcardOrigin => { write!(f,
"Credentials are allowed, but the Origin is set to \"*\". \
This is not allowed by W3C"
This is not allowed by W3C")
}
Error::MissingCorsInRocketState => {
"A CORS Request Guard was used, but no CORS Options was available in Rocket's state"
Error::MissingCorsInRocketState => { write!(f,
"A CORS Request Guard was used, but no CORS Options was available in Rocket's state")
}
Error::MissingInjectedHeader => {
Error::MissingInjectedHeader => write!(f,
"The `on_response` handler of Fairing could not find the injected header from the \
Request. Either some other fairing has removed it, or this is a bug."
Request. Either some other fairing has removed it, or this is a bug.")
}
}
}
impl error::Error for Error {
fn cause(&self) -> Option<&dyn error::Error> {
match *self {
Error::BadOrigin(ref e) => Some(e),
@ -672,15 +674,6 @@ impl error::Error for Error {
}
}
impl fmt::Display for Error {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
match *self {
Error::BadOrigin(ref e) => fmt::Display::fmt(e, f),
_ => write!(f, "{}", error::Error::description(self)),
}
}
}
impl<'r> response::Responder<'r> for Error {
fn respond_to(self, _: &Request<'_>) -> Result<response::Response<'r>, Status> {
error_!("CORS Error: {}", self);
@ -1584,7 +1577,7 @@ fn validate_origin(
AllOrSome::Some(ref allowed_origins) => allowed_origins
.get(origin)
.and_then(|_| Some(()))
.ok_or_else(|| Error::OriginNotAllowed),
.ok_or_else(|| Error::OriginNotAllowed(origin.to_string())),
}
}
@ -1595,7 +1588,7 @@ fn validate_allowed_method(
) -> Result<(), Error> {
let &AccessControlRequestMethod(ref request_method) = method;
if !allowed_methods.iter().any(|m| m == request_method) {
Err(Error::MethodNotAllowed)?
Err(Error::MethodNotAllowed(method.0.to_string()))?
}
// TODO: Subset to route? Or just the method requested for?