io.jooby

Class Cors

java.lang.Object

io.jooby.Cors

public class Cors
extends Object

Cross-origin resource sharing

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts, JavaScript, etc.) on a web page to be requested from another domain outside the domain from which the resource originated.

This class represent the available options for configure CORS in Jooby.

usage

 {
   decorator(new CorsHandler());
 }
 

Previous example, adds a cors filter using the default cors options.

Since:

2.0.4

Author:

edgar

Constructor Summary

Constructors

Constructor and Description
Cors() Creates default Cors.

Method Summary

Modifier and Type	Method and Description
boolean	allowHeader(String... headers) True if all the headers are allowed.
boolean	allowHeaders(List<String> headers) True if all the headers are allowed.
boolean	allowMethod(String method) True if the method is allowed.
boolean	allowOrigin(String origin) Test if the given origin is allowed or not.
boolean	anyHeader()
boolean	anyOrigin()
static Cors	from(com.typesafe.config.Config conf) Get cors options from application configuration file.
List<String>	getExposedHeaders()
List<String>	getHeaders()
Duration	getMaxAge()
List<String>	getMethods()
List<String>	getOrigin() An origin must be a "*" (any origin), a domain name (like, http://foo.com) and/or a regex (like, http://*.domain.com).
boolean	getUseCredentials() If true, set the Access-Control-Allow-Credentials header.
Cors	setExposedHeaders(List<String> exposedHeaders) Set the list of exposed headers.
Cors	setExposedHeaders(String... exposedHeaders) Set the list of exposed headers.
Cors	setHeaders(List<String> headers) Set one or more allowed headers.
Cors	setHeaders(String... headers) Set one or more allowed headers.
Cors	setMaxAge(Duration preflightMaxAge) Set the preflight max age header.
Cors	setMethods(List<String> methods) Set one or more allowed methods.
Cors	setMethods(String... methods) Set one or more allowed methods.
Cors	setOrigin(List<String> origin) Set the allowed origins.
Cors	setOrigin(String... origin) Set the allowed origins.
Cors	setUseCredentials(boolean credentials) If true, set the Access-Control-Allow-Credentials header.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Cors

public Cors()

Creates default Cors. Default options are:

  origin: "*"
  credentials: true
  allowedMethods: [GET, POST]
  allowedHeaders: [X-Requested-With, Content-Type, Accept, Origin]
  maxAge: 30m
  exposedHeaders: []
 

Method Detail

getUseCredentials

public boolean getUseCredentials()

If true, set the Access-Control-Allow-Credentials header.

Returns:

If the Access-Control-Allow-Credentials header must be set.

setUseCredentials

public Cors setUseCredentials(boolean credentials)

If true, set the Access-Control-Allow-Credentials header.

Parameters:

credentials - Credentials.

Returns:

This cors.

anyOrigin

public boolean anyOrigin()

Returns:

True if any origin is accepted.

getOrigin

public List<String> getOrigin()

An origin must be a "*" (any origin), a domain name (like, http://foo.com) and/or a regex (like, http://*.domain.com).

Returns:

List of valid origins: Default is: *

allowOrigin

public boolean allowOrigin(String origin)

Test if the given origin is allowed or not.

Parameters:

origin - The origin to test.

Returns:

True if the origin is allowed.

setOrigin

public Cors setOrigin(String... origin)

Set the allowed origins. An origin must be a "*" (any origin), a domain name (like, http://foo.com) and/or a regex (like, http://*.domain.com).

Parameters:

origin - One ore more origin.

Returns:

This cors.

setOrigin

public Cors setOrigin(List<String> origin)

Set the allowed origins. An origin must be a "*" (any origin), a domain name (like, http://foo.com) and/or a regex (like, http://*.domain.com).

Parameters:

origin - One ore more origin.

Returns:

This cors.

allowMethod

public boolean allowMethod(String method)

True if the method is allowed.

Parameters:

method - Method to test.

Returns:

True if the method is allowed.

getMethods

public List<String> getMethods()

Returns:

List of allowed methods.

setMethods

public Cors setMethods(String... methods)

Set one or more allowed methods.

Parameters:

methods - One or more method.

Returns:

This cors.

setMethods

public Cors setMethods(List<String> methods)

Set one or more allowed methods.

Parameters:

methods - One or more method.

Returns:

This cors.

anyHeader

public boolean anyHeader()

Returns:

True if any header is allowed: *.

allowHeader

public boolean allowHeader(String... headers)

True if all the headers are allowed.

Parameters:

headers - Headers to test.

Returns:

True if all the headers are allowed.

allowHeaders

public boolean allowHeaders(List<String> headers)

True if all the headers are allowed.

Parameters:

headers - Headers to test.

Returns:

True if all the headers are allowed.

getHeaders

public List<String> getHeaders()

Returns:

List of allowed headers. Default are: X-Requested-With, Content-Type, Accept and Origin.

setHeaders

public Cors setHeaders(String... headers)

Set one or more allowed headers. Possible values are a header name or * if any header is allowed.

Parameters:

headers - Headers to set.

Returns:

This cors.

setHeaders

public Cors setHeaders(List<String> headers)

Set one or more allowed headers. Possible values are a header name or * if any header is allowed.

Parameters:

headers - Headers to set.

Returns:

This cors.

getExposedHeaders

public List<String> getExposedHeaders()

Returns:

List of exposed headers.

setExposedHeaders

public Cors setExposedHeaders(String... exposedHeaders)

Set the list of exposed headers.

Parameters:

exposedHeaders - Headers to expose.

Returns:

This cors.

setExposedHeaders

public Cors setExposedHeaders(List<String> exposedHeaders)

Set the list of exposed headers.

Parameters:

exposedHeaders - Headers to expose.

Returns:

This cors.

getMaxAge

public Duration getMaxAge()

Returns:

Preflight max age. How many seconds a client can cache a preflight request.

setMaxAge

public Cors setMaxAge(Duration preflightMaxAge)

Set the preflight max age header. That's how many seconds a client can cache a preflight request.

Parameters:

preflightMaxAge - Number of seconds or -1 to turn this off.

Returns:

This cors.

from

@Nonnull
public static Cors from(@Nonnull
                                 com.typesafe.config.Config conf)

Get cors options from application configuration file.

 cors {
   origin: *
   methods: [GET, POST]
   headers: [Custom-Header]
   maxAge: 30m
   exposesHeaders: [Header]
 }
 

Parameters:

conf - Configuration.

Returns:

Cors options.