@Repeatable(CorsDecorators.class)
@Retention(RUNTIME)
@Target({TYPE,METHOD})
public @interface CorsDecorator

A CorsService decorator for annotated HTTP services.

Required Element Summary

Required Elements

Modifier and Type Required Element Description

String[] origins
Allowed origins.

Optional Element Summary

Optional Elements
Modifier and Type	Optional Element	Description
`String[]`	`allowedRequestHeaders`	The headers that should be returned in the CORS `"Access-Control-Allow-Headers"` response header.
`HttpMethod[]`	`allowedRequestMethods`	The allowed HTTP request methods that should be returned in the CORS `"Access-Control-Allow-Methods"` response header.
`boolean`	`credentialsAllowed`	Determines if cookies are allowed to be added to CORS requests.
`String[]`	`exposedHeaders`	The headers to be exposed to calling clients.
`long`	`maxAge`	The value of the CORS `"Access-Control-Max-Age"` response header which enables the caching of the preflight response for the specified time.
`boolean`	`nullOriginAllowed`	Determines if a `"null"` origin is allowed.
`String[]`	`pathPatterns`	The path patterns that this policy is supposed to be applied to.
`boolean`	`preflightRequestDisabled`	Determines if no preflight response headers should be added to a CORS preflight response.
`AdditionalHeader[]`	`preflightRequestHeaders`	The HTTP response headers that should be added to a CORS preflight response.

Element Details
- origins
  
  String[] origins
  
  Allowed origins. Sets this property to be "*" to allow any origin.
- pathPatterns
  
  String[] pathPatterns
  
  The path patterns that this policy is supposed to be applied to. If unspecified, all paths would be accepted.
  
  Default:
  
  {}
- allowedRequestMethods
  
  HttpMethod[] allowedRequestMethods
  
  The allowed HTTP request methods that should be returned in the CORS "Access-Control-Allow-Methods" response header.
  
  See Also:
  
  CorsPolicyBuilder.allowRequestMethods(HttpMethod...)
  
  Default:
  
  {}
- maxAge
  
  long maxAge
  
  The value of the CORS "Access-Control-Max-Age" response header which enables the caching of the preflight response for the specified time. During this time no preflight request will be made.
  
  See Also:
  
  CorsPolicyBuilder.maxAge(long)
  
  Default:
  
  0L
- exposedHeaders
  
  String[] exposedHeaders
  
  The headers to be exposed to calling clients.
  
  See Also:
  
  CorsPolicyBuilder.exposeHeaders(CharSequence...)
  
  Default:
  
  {}
- allowedRequestHeaders
  
  String[] allowedRequestHeaders
  
  The headers that should be returned in the CORS "Access-Control-Allow-Headers" response header.
  
  See Also:
  
  CorsPolicyBuilder.allowRequestHeaders(CharSequence...)
  
  Default:
  
  {}
- credentialsAllowed
  
  boolean credentialsAllowed
  
  Determines if cookies are allowed to be added to CORS requests. Settings this to be true will set the CORS "Access-Control-Allow-Credentials" response header to "true".
  If unset, will be false.
  
  See Also:
  
  CorsPolicyBuilder.allowCredentials()
  
  Default:
  
  false
- nullOriginAllowed
  
  boolean nullOriginAllowed
  
  Determines if a "null" origin is allowed.
  If unset, will be false.
  
  See Also:
  
  CorsPolicyBuilder.allowNullOrigin()
  
  Default:
  
  false
- preflightRequestHeaders
  
  AdditionalHeader[] preflightRequestHeaders
  
  The HTTP response headers that should be added to a CORS preflight response.
  
  See Also:
  
  CorsPolicyBuilder.preflightResponseHeader(CharSequence, Object...)
  
  Default:
  
  {}
- preflightRequestDisabled
  
  boolean preflightRequestDisabled
  
  Determines if no preflight response headers should be added to a CORS preflight response.
  If unset, will be false.
  
  See Also:
  
  CorsPolicyBuilder.disablePreflightResponseHeaders()
  
  Default:
  
  false

Annotation Type CorsDecorator

Required Element Summary

Optional Element Summary

Element Details