Class CorsServiceBuilder
public final class CorsServiceBuilder extends Object
CorsService
or its decorator function.
Example
ServerBuilder sb = Server.builder();
sb.service("/cors", myService.decorate(
CorsService.builder("http://example.com", "http://example2.com")
.shortCircuit()
.allowNullOrigin()
.allowCredentials()
.allowRequestMethods(HttpMethod.GET, HttpMethod.POST)
.allowRequestHeaders("allow_request_header1", "allow_request_header2")
.andForOrigins("http://example3.com")
.allowCredentials()
.allowRequestMethods(HttpMethod.GET)
.and()
.newDecorator()));
-
Method Summary
Modifier and Type Method Description CorsServiceBuilder
addPolicy(CorsPolicy policy)
Adds aCorsPolicy
instance in the service.CorsServiceBuilder
allowCredentials()
Enables cookies to be added to CORS requests.CorsServiceBuilder
allowNullOrigin()
Enables a successful CORS response with a"null"
value for the CORS response header"Access-Control-Allow-Origin"
.CorsServiceBuilder
allowRequestHeaders(CharSequence... headers)
Specifies the headers that should be returned in the CORS"Access-Control-Allow-Headers"
response header.CorsServiceBuilder
allowRequestHeaders(Iterable<? extends CharSequence> headers)
Specifies the headers that should be returned in the CORS"Access-Control-Allow-Headers"
response header.CorsServiceBuilder
allowRequestMethods(HttpMethod... methods)
Specifies the allowed set of HTTP request methods that should be returned in the CORS"Access-Control-Allow-Methods"
response header.CorsServiceBuilder
allowRequestMethods(Iterable<HttpMethod> methods)
Specifies the allowed set of HTTP request methods that should be returned in the CORS"Access-Control-Allow-Methods"
response header.ChainedCorsPolicyBuilder
andForOrigin(String origin)
Creates a new builder instance for a newCorsPolicy
.ChainedCorsPolicyBuilder
andForOrigins(Iterable<String> origins)
Creates a new builder instance for a newCorsPolicy
.ChainedCorsPolicyBuilder
andForOrigins(String... origins)
Creates a new builder instance for a newCorsPolicy
.CorsService
build(HttpService delegate)
Returns a newly-createdCorsService
based on the properties of this builder.CorsServiceBuilder
disablePreflightResponseHeaders()
Specifies that no preflight response headers should be added to a preflight response.CorsServiceBuilder
exposeHeaders(CharSequence... headers)
Specifies the headers to be exposed to calling clients.CorsServiceBuilder
exposeHeaders(Iterable<? extends CharSequence> headers)
Specifies the headers to be exposed to calling clients.CorsServiceBuilder
maxAge(long maxAge)
Sets the CORS"Access-Control-Max-Age"
response header and enables the caching of the preflight response for the specified time.CorsServiceBuilder
maxAge(Duration maxAge)
Sets the CORS"Access-Control-Max-Age"
response header and enables the caching of the preflight response for the specified time.Function<? super HttpService,CorsService>
newDecorator()
Returns a newly-created decorator that decorates anHttpService
with a newCorsService
based on the properties of this builder.CorsServiceBuilder
preflightResponseHeader(CharSequence name, Iterable<?> values)
Returns HTTP response headers that should be added to a CORS preflight response.CorsServiceBuilder
preflightResponseHeader(CharSequence name, Object... values)
Returns HTTP response headers that should be added to a CORS preflight response.CorsServiceBuilder
preflightResponseHeader(CharSequence name, Supplier<?> valueSupplier)
Returns HTTP response headers that should be added to a CORS preflight response.CorsServiceBuilder
route(String pathPattern)
Adds a path pattern that this policy is supposed to be applied to.CorsServiceBuilder
shortCircuit()
Specifies that a CORS request should be rejected if it's invalid before being further processing.String
toString()
-
Method Details
-
addPolicy
Adds aCorsPolicy
instance in the service. -
route
Adds a path pattern that this policy is supposed to be applied to.- Parameters:
pathPattern
- the path pattern that this policy is supposed to be applied to- Throws:
IllegalArgumentException
- if the path pattern is not valid
-
allowNullOrigin
Enables a successful CORS response with a"null"
value for the CORS response header"Access-Control-Allow-Origin"
. Web browsers may set the"Origin"
request header to"null"
if a resource is loaded from the local file system.- Returns:
this
to support method chaining.- Throws:
IllegalStateException
- ifanyOriginSupported
istrue
.
-
allowCredentials
Enables cookies to be added to CORS requests. Calling this method will set the CORS"Access-Control-Allow-Credentials"
response header totrue
. By default, cookies are not included in CORS requests.Please note, that cookie support needs to be enabled on the client side as well. The client needs to opt-in to send cookies by calling:
xhr.withCredentials = true;
The default value for
'withCredentials'
isfalse
in which case no cookies are sent. Setting this totrue
will include cookies in cross origin requests.- Returns:
CorsServiceBuilder
to support method chaining.
-
shortCircuit
Specifies that a CORS request should be rejected if it's invalid before being further processing.CORS headers are set after a request is processed. This may not always be desired and this setting will check that the Origin is valid and if it is not valid no further processing will take place, and a error will be returned to the calling client.
- Returns:
CorsServiceBuilder
to support method chaining.- Throws:
IllegalStateException
- ifanyOriginSupported
istrue
.
-
maxAge
Sets the CORS"Access-Control-Max-Age"
response header and enables the caching of the preflight response for the specified time. During this time no preflight request will be made.- Parameters:
maxAge
- the maximum time, in seconds, that the preflight response may be cached.- Returns:
CorsServiceBuilder
to support method chaining.
-
maxAge
Sets the CORS"Access-Control-Max-Age"
response header and enables the caching of the preflight response for the specified time. During this time no preflight request will be made.- Parameters:
maxAge
- the maximum time that the preflight response may be cached. Rounded to seconds.- Returns:
CorsServiceBuilder
to support method chaining.
-
exposeHeaders
Specifies the headers to be exposed to calling clients.During a simple CORS request, only certain response headers are made available by the browser, for example using:
xhr.getResponseHeader("Content-Type");
The headers that are available by default are:
Cache-Control
Content-Language
Content-Type
Expires
Last-Modified
Pragma
To expose other headers they need to be specified which is what this method enables by adding the headers to the CORS
"Access-Control-Expose-Headers"
response header.- Parameters:
headers
- the values to be added to the"Access-Control-Expose-Headers"
response header- Returns:
CorsServiceBuilder
to support method chaining.
-
exposeHeaders
Specifies the headers to be exposed to calling clients.During a simple CORS request, only certain response headers are made available by the browser, for example using:
xhr.getResponseHeader("Content-Type");
The headers that are available by default are:
Cache-Control
Content-Language
Content-Type
Expires
Last-Modified
Pragma
To expose other headers they need to be specified which is what this method enables by adding the headers to the CORS
"Access-Control-Expose-Headers"
response header.- Parameters:
headers
- the values to be added to the"Access-Control-Expose-Headers"
response header- Returns:
CorsServiceBuilder
to support method chaining.
-
allowRequestMethods
Specifies the allowed set of HTTP request methods that should be returned in the CORS"Access-Control-Allow-Methods"
response header.- Parameters:
methods
- theHttpMethod
s that should be allowed.- Returns:
CorsServiceBuilder
to support method chaining.
-
allowRequestMethods
Specifies the allowed set of HTTP request methods that should be returned in the CORS"Access-Control-Allow-Methods"
response header.- Parameters:
methods
- theHttpMethod
s that should be allowed.- Returns:
CorsServiceBuilder
to support method chaining.
-
allowRequestHeaders
Specifies the headers that should be returned in the CORS"Access-Control-Allow-Headers"
response header.If a client specifies headers on the request, for example by calling:
the server will receive the above header name in thexhr.setRequestHeader('My-Custom-Header', 'SomeValue');
"Access-Control-Request-Headers"
of the preflight request. The server will then decide if it allows this header to be sent for the real request (remember that a preflight is not the real request but a request asking the server if it allows a request).- Parameters:
headers
- the headers to be added to the preflight"Access-Control-Allow-Headers"
response header.- Returns:
CorsServiceBuilder
to support method chaining.
-
allowRequestHeaders
Specifies the headers that should be returned in the CORS"Access-Control-Allow-Headers"
response header.If a client specifies headers on the request, for example by calling:
the server will receive the above header name in thexhr.setRequestHeader('My-Custom-Header', 'SomeValue');
"Access-Control-Request-Headers"
of the preflight request. The server will then decide if it allows this header to be sent for the real request (remember that a preflight is not the real request but a request asking the server if it allows a request).- Parameters:
headers
- the headers to be added to the preflight"Access-Control-Allow-Headers"
response header.- Returns:
CorsServiceBuilder
to support method chaining.
-
preflightResponseHeader
Returns HTTP response headers that should be added to a CORS preflight response.An intermediary like a load balancer might require that a CORS preflight request have certain headers set. This enables such headers to be added.
- Parameters:
name
- the name of the HTTP header.values
- the values for the HTTP header.- Returns:
CorsServiceBuilder
to support method chaining.
-
preflightResponseHeader
Returns HTTP response headers that should be added to a CORS preflight response.An intermediary like a load balancer might require that a CORS preflight request have certain headers set. This enables such headers to be added.
- Parameters:
name
- the name of the HTTP header.values
- the values for the HTTP header.- Returns:
CorsServiceBuilder
to support method chaining.
-
preflightResponseHeader
Returns HTTP response headers that should be added to a CORS preflight response.An intermediary like a load balancer might require that a CORS preflight request have certain headers set. This enables such headers to be added.
Some values must be dynamically created when the HTTP response is created, for example the 'Date' response header. This can be accomplished by using a
Supplier
which will have its 'call' method invoked when the HTTP response is created.- Parameters:
name
- the name of the HTTP header.valueSupplier
- aSupplier
which will be invoked at HTTP response creation.- Returns:
CorsServiceBuilder
to support method chaining.
-
disablePreflightResponseHeaders
Specifies that no preflight response headers should be added to a preflight response.- Returns:
CorsServiceBuilder
to support method chaining.
-
build
Returns a newly-createdCorsService
based on the properties of this builder. -
newDecorator
Returns a newly-created decorator that decorates anHttpService
with a newCorsService
based on the properties of this builder. -
andForOrigins
Creates a new builder instance for a newCorsPolicy
.- Returns:
ChainedCorsPolicyBuilder
to support method chaining.
-
andForOrigins
Creates a new builder instance for a newCorsPolicy
.- Returns:
ChainedCorsPolicyBuilder
to support method chaining.
-
andForOrigin
Creates a new builder instance for a newCorsPolicy
.- Returns:
ChainedCorsPolicyBuilder
to support method chaining.
-
toString
-