Class CorsPolicy
-
Method Summary
Modifier and TypeMethodDescriptionReturns the allowed set of request headers.Returns the allowed set of request methods.static CorsPolicyBuilder
builder()
Returns a newCorsPolicyBuilder
.static CorsPolicyBuilder
Returns a newCorsPolicyBuilder
with the specifiedorigins
.static CorsPolicyBuilder
Returns a newCorsPolicyBuilder
with the specifiedorigins
.static CorsPolicyBuilder
Returns a newCorsPolicyBuilder
with origins matching thepredicate
.static CorsPolicyBuilder
builderForOriginRegex
(String regex) Returns a newCorsPolicyBuilder
with origins matching theregex
.static CorsPolicyBuilder
builderForOriginRegex
(Pattern regex) Returns a newCorsPolicyBuilder
with origins matching theregex
.Returns a set of headers to be exposed to calling clients.Generates immutable HTTP response headers that should be added to a CORS preflight response.boolean
Determines if cookies are supported for CORS requests.boolean
Determines if the policy allows a"null"
origin.long
maxAge()
Gets themaxAge
setting.origin()
Deprecated.Returns predicate to match origins.origins()
Deprecated.@deprecated UseoriginPredicate()
to check if an origin is allowed.routes()
Returns the list ofRoute
s that this policy is supposed to be applied to.boolean
Determines whether all request headers are allowed.toString()
-
Method Details
-
builder
Returns a newCorsPolicyBuilder
. -
builder
Returns a newCorsPolicyBuilder
with the specifiedorigins
. -
builder
Returns a newCorsPolicyBuilder
with the specifiedorigins
. -
builder
Returns a newCorsPolicyBuilder
with origins matching thepredicate
. -
builderForOriginRegex
Returns a newCorsPolicyBuilder
with origins matching theregex
. -
builderForOriginRegex
Returns a newCorsPolicyBuilder
with origins matching theregex
. -
origin
Deprecated.UseoriginPredicate()
to check if an origin is allowed.Returns the allowed origin. This can either be a wildcard or an origin value. This method returns the first specified origin if this policy has more than one origin.- Returns:
- the value that will be used for the CORS response header
"Access-Control-Allow-Origin"
-
origins
Deprecated.@deprecated UseoriginPredicate()
to check if an origin is allowed.Returns the set of allowed origins. -
originPredicate
Returns predicate to match origins. -
routes
Returns the list ofRoute
s that this policy is supposed to be applied to. -
isCredentialsAllowed
public boolean isCredentialsAllowed()Determines if cookies are supported for CORS requests.By default cookies are not included in CORS requests but if
isCredentialsAllowed
returnstrue
cookies will be added to CORS requests. Setting this value totrue
will set the CORS"Access-Control-Allow-Credentials"
response header totrue
.Please note that cookie support needs to be enabled on the client side as well. The client needs to opt-in to send cookies by calling:
xhr.withCredentials = true;
The default value for
'withCredentials'
isfalse
in which case no cookies are sent. Settingthis
totrue
will include cookies in cross origin requests.- Returns:
true
if cookies are supported.
-
maxAge
public long maxAge()Gets themaxAge
setting.When making a preflight request the client has to perform two requests which can be inefficient. This setting will set the CORS
"Access-Control-Max-Age"
response header and enable the caching of the preflight response for the specified time. During this time no preflight request will be made.- Returns:
- the time in seconds that a preflight request may be cached.
-
exposedHeaders
Returns a set of headers to be exposed to calling clients.During a simple CORS request only certain response headers are made available by the browser, for example using:
The headers that are available by default are:xhr.getResponseHeader("Content-Type");
Cache-Control
Content-Language
Content-Type
Expires
Last-Modified
Pragma
To expose other headers they need to be specified, which is what this method enables by adding the headers names to the CORS
"Access-Control-Expose-Headers"
response header.- Returns:
- the list of the headers to expose.
-
allowedRequestMethods
Returns the allowed set of request methods. The Http methods that should be returned in the CORS"Access-Control-Request-Method"
response header.- Returns:
- the
HttpMethod
s that represent the allowed request methods.
-
allowedRequestHeaders
Returns the allowed set of request headers.The header names returned from this method will be used to set the CORS
"Access-Control-Allow-Headers"
response header. -
isNullOriginAllowed
public boolean isNullOriginAllowed()Determines if the policy allows a"null"
origin. -
generatePreflightResponseHeaders
Generates immutable HTTP response headers that should be added to a CORS preflight response.- Returns:
HttpHeaders
the HTTP response headers to be added.
-
shouldAllowAllRequestHeaders
public boolean shouldAllowAllRequestHeaders()Determines whether all request headers are allowed.- Returns:
- true if all request headers are allowed, false if only specific request headers are allowed.
-
toString
-
originPredicate()
to check if an origin is allowed.