Annotation Interface CorsDecorator
@Repeatable(CorsDecorators.class)
@Retention(RUNTIME)
@Target({TYPE,METHOD})
public @interface CorsDecorator
A
CorsService
decorator for annotated HTTP services.-
Required Element Summary
-
Optional Element Summary
Modifier and TypeOptional ElementDescriptionboolean
Allows all HTTP headers in the CORS"Access-Control-Request-Headers"
request header.String[]
The headers that should be returned in the CORS"Access-Control-Allow-Headers"
response header.The allowed HTTP request methods that should be returned in the CORS"Access-Control-Allow-Methods"
response header.boolean
Determines if cookies are allowed to be added to CORS requests.String[]
The headers to be exposed to calling clients.long
The value of the CORS"Access-Control-Max-Age"
response header which enables the caching of the preflight response for the specified time.boolean
Determines if a"null"
origin is allowed.String[]
The path patterns that this policy is supposed to be applied to.boolean
Determines if no preflight response headers should be added to a CORS preflight response.The HTTP response headers that should be added to a CORS preflight response.
-
Element Details
-
origins
String[] originsAllowed origins. Sets this property to be"*"
to allow any origin.
-
-
-
pathPatterns
String[] pathPatternsThe path patterns that this policy is supposed to be applied to. If unspecified, all paths would be accepted.- Default:
- {}
-
allowedRequestMethods
HttpMethod[] allowedRequestMethodsThe allowed HTTP request methods that should be returned in the CORS"Access-Control-Allow-Methods"
response header.- Default:
- {}
-
maxAge
long maxAgeThe value of the CORS"Access-Control-Max-Age"
response header which enables the caching of the preflight response for the specified time. During this time no preflight request will be made.- See Also:
- Default:
- 0L
-
exposedHeaders
String[] exposedHeadersThe headers to be exposed to calling clients.- Default:
- {}
-
allowAllRequestHeaders
boolean allowAllRequestHeadersAllows all HTTP headers in the CORS"Access-Control-Request-Headers"
request header.- Default:
- false
-
allowedRequestHeaders
String[] allowedRequestHeadersThe headers that should be returned in the CORS"Access-Control-Allow-Headers"
response header.- Default:
- {}
-
credentialsAllowed
boolean credentialsAllowedDetermines if cookies are allowed to be added to CORS requests. Settings this to betrue
will set the CORS"Access-Control-Allow-Credentials"
response header to"true"
.If unset, will be
false
.- See Also:
- Default:
- false
-
nullOriginAllowed
boolean nullOriginAllowedDetermines if a"null"
origin is allowed.If unset, will be
false
.- See Also:
- Default:
- false
-
preflightRequestHeaders
AdditionalHeader[] preflightRequestHeadersThe HTTP response headers that should be added to a CORS preflight response.- Default:
- {}
-
preflightRequestDisabled
boolean preflightRequestDisabledDetermines if no preflight response headers should be added to a CORS preflight response.If unset, will be
false
.- Default:
- false
-