Package com.thetransactioncompany.cors
Cross-Origin Resource Sharing (CORS) Filter
This package provides a Java servlet filter that implements the Cross-Origin Resource Sharing (CORS) mechanism for making cross-site HTTP requests from web browsers. The CORS W3C working draft stabilised in 2009 and as of 2010 CORS is supported by all major browsers such as Firefox, Safari, Chrome and IE.
To enable CORS for a particular HTTP resource, such as a servlet, JSP or plain HTML file, attach a CORSFilter to it via a <filter-mapping> element in the web.xml descriptor file. The default CORS filter policy is to allow any origin (including credentials). To impose a stricter access policy, configure the filter using the supported <init-param> elements or a Java properties file. See the CORSFilter JavaDoc for configuration details.
The CORS Filter can be configured to tag the allowed CORS HTTP requests with HttpServletRequest.addAttribute to provide the following information to downstream handlers:
- cors.isCorsRequest {Boolean} Indicates if the HTTP request is CORS.
- cors.origin {String} The value of the "Origin" header, null if undefined.
- cors.requestType {String} If the request is CORS, indicates its type - "actual" for simple / actual or "preflight".
- cors.requestHeaders {String} If the request is CORS preflight, the value of the "Access-Control-Request-Headers" header, null if undefined.
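A web.xml fragment that replaces the allow-any-origin default with an explicit policy and turns on request tagging, given here as an added example rather than configuration taken from this page or the project's distribution. The init-param names are the CORS Filter's documented parameters (they are not listed on this page); the filter name, URL pattern, origin and header/method values are constructed for illustration.

```xml
<!-- Added example. Filter name "CORS", the /api/* pattern and the origin
     https://app.example.com are constructed values. -->
<filter>
  <filter-name>CORS</filter-name>
  <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>

  <!-- With no init-params the filter allows any origin, credentials included.
       List the trusted origins explicitly instead. -->
  <init-param>
    <param-name>cors.allowOrigin</param-name>
    <param-value>https://app.example.com</param-value>
  </init-param>

  <!-- Turn off credentialed requests (cookies, HTTP auth) unless the
       cross-origin client really needs them. -->
  <init-param>
    <param-name>cors.supportsCredentials</param-name>
    <param-value>false</param-value>
  </init-param>

  <!-- Narrow the methods and request headers accepted from other origins. -->
  <init-param>
    <param-name>cors.supportedMethods</param-name>
    <param-value>GET, POST</param-value>
  </init-param>
  <init-param>
    <param-name>cors.supportedHeaders</param-name>
    <param-value>Content-Type</param-value>
  </init-param>

  <!-- Tag allowed requests with the cors.* attributes described above so
       downstream handlers can log or branch on cors.origin and cors.requestType. -->
  <init-param>
    <param-name>cors.tagRequests</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>

<!-- Attach the filter only to the resources that must be reachable cross-origin. -->
<filter-mapping>
  <filter-name>CORS</filter-name>
  <url-pattern>/api/*</url-pattern>
</filter-mapping>
```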
This CORS filter version implements the W3C recommendation from 16 January 2014.
Supported CORS request types:
Supported CORS headers:
- Request headers:
- Response headers:
Package dependencies:
- com.thetransactioncompany.util provides parsing of the filter init parameters (included in the CORS filter distribution).
Class Summary
- CORSConfiguration: The CORS filter configuration.
- CORSConfigurationLoader: CORS configuration loader.
- CORSFilter: Cross-Origin Resource Sharing (CORS) servlet filter.
- CORSRequestHandler: Handles incoming cross-origin (CORS) requests according to the configured access policy.
- CORSResponseWrapper: HTTP response wrapper that preserves the CORS response headers on ServletResponse.reset().
- HeaderName: HTTP header name constants and utilities.
- HeaderUtils: Header utilities.
- Origin: Resource request origin (not validated), as defined in The Web Origin Concept (RFC 6454).
- RequestTagger: Request tagger.
- ValidatedOrigin: Validated resource request origin, as defined in The Web Origin Concept (RFC 6454).
Enum Summary
- CORSRequestType: Enumeration of the CORS request types.
Exception Summary
- CORSConfigurationException: CORS filter configuration exception, intended to report invalid init parameters at startup.
- CORSException: Base Cross-Origin Resource Sharing (CORS) exception, typically thrown during processing of CORS requests.
- OriginException: Origin exception.