Class HttpCorsRequestProperties

java.lang.Object
org.apereo.cas.configuration.model.core.web.security.HttpCorsRequestProperties
All Implemented Interfaces:
Serializable

@RequiresModule(name="cas-server-core-web", automated=true) public class HttpCorsRequestProperties extends Object implements Serializable
Since:
5.0.0
  • Constructor Details

    • HttpCorsRequestProperties

      public HttpCorsRequestProperties()
  • Method Details

    • isEnabled

      public boolean isEnabled()
      Whether CORS should be enabled for HTTP requests.
    • isAllowCredentials

      public boolean isAllowCredentials()
      The Access-Control-Allow-Credentials header indicates whether the response to the request can be exposed when the credentials flag is true. When used as part of a response to a preflight request, it indicates whether the actual request can be made using credentials. Note that simple GET requests are not preflighted, so if a request for a resource is made with credentials and this header is not returned with the resource, the browser ignores the response and does not return it to web content.
    • getAllowOrigins

      public List<String> getAllowOrigins()
      The Origin header indicates the origin of the cross-site access request or preflight request. The origin is a URI indicating the server from which the request initiated; it does not include any path information, only the server name. When credentials are allowed, '*' cannot be used and origin patterns should be configured instead.
    • getAllowOriginPatterns

      public List<String> getAllowOriginPatterns()
      Comma-separated list of origin patterns to allow. Unlike allowed origins, which only support *, origin patterns are more flexible (for example https://*.example.com) and can be used when credentials are allowed. When no allowed origin patterns or allowed origins are set, CORS support is disabled.
    • getAllowMethods

      public List<String> getAllowMethods()
      The Access-Control-Allow-Methods header specifies the method or methods allowed when accessing the resource. This is used in response to a preflight request. The conditions under which a request is preflighted are discussed above. Default is everything.
    • getAllowHeaders

      public List<String> getAllowHeaders()
      The Access-Control-Allow-Headers header is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request. Default is everything.
    • getMaxAge

      public long getMaxAge()
      The Access-Control-Max-Age header indicates how long the results of a preflight request can be cached.
    • getExposedHeaders

      public List<String> getExposedHeaders()
      The Access-Control-Expose-Headers header lets a server list the response headers that browsers are allowed to access.
    • setEnabled

      public HttpCorsRequestProperties setEnabled(boolean enabled)
      Whether CORS should be enabled for HTTP requests.
      Returns:
      this.
    • setAllowCredentials

      public HttpCorsRequestProperties setAllowCredentials(boolean allowCredentials)
      The Access-Control-Allow-Credentials header indicates whether the response to the request can be exposed when the credentials flag is true. When used as part of a response to a preflight request, it indicates whether the actual request can be made using credentials. Note that simple GET requests are not preflighted, so if a request for a resource is made with credentials and this header is not returned with the resource, the browser ignores the response and does not return it to web content.
      Returns:
      this.
    • setAllowOrigins

      public HttpCorsRequestProperties setAllowOrigins(List<String> allowOrigins)
      The Origin header indicates the origin of the cross-site access request or preflight request. The origin is a URI indicating the server from which the request initiated; it does not include any path information, only the server name. When credentials are allowed, '*' cannot be used and origin patterns should be configured instead.
      Returns:
      this.
    • setAllowOriginPatterns

      public HttpCorsRequestProperties setAllowOriginPatterns(List<String> allowOriginPatterns)
      Comma-separated list of origin patterns to allow. Unlike allowed origins, which only support *, origin patterns are more flexible (for example https://*.example.com) and can be used when credentials are allowed. When no allowed origin patterns or allowed origins are set, CORS support is disabled.
      Returns:
      this.
    • setAllowMethods

      public HttpCorsRequestProperties setAllowMethods(List<String> allowMethods)
      The Access-Control-Allow-Methods header specifies the method or methods allowed when accessing the resource. This is used in response to a preflight request. The conditions under which a request is preflighted are discussed above. Default is everything.
      Returns:
      this.
    • setAllowHeaders

      public HttpCorsRequestProperties setAllowHeaders(List<String> allowHeaders)
      The Access-Control-Allow-Headers header is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request. Default is everything.
      Returns:
      this.
    • setMaxAge

      public HttpCorsRequestProperties setMaxAge(long maxAge)
      The Access-Control-Max-Age header indicates how long the results of a preflight request can be cached.
      Returns:
      this.
    • setExposedHeaders

      public HttpCorsRequestProperties setExposedHeaders(List<String> exposedHeaders)
      The Access-Control-Expose-Headers header lets a server list the response headers that browsers are allowed to access.
      Returns:
      this.
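
An added example, not part of the CAS Javadoc or code base: it populates the properties through the fluent setters documented above and checks the combinations the descriptions warn about. The class `CorsSettingsAudit`, its `audit` method and the sample values are assumptions made for illustration; the check for a bare `*` origin pattern goes beyond what the text states.

```java
import java.util.ArrayList;
import java.util.List;
import org.apereo.cas.configuration.model.core.web.security.HttpCorsRequestProperties;

// CorsSettingsAudit and audit() are hypothetical names; they are not part of CAS.
public class CorsSettingsAudit {
    // Returns one finding per setting combination that the property descriptions warn about.
    static List<String> audit(HttpCorsRequestProperties cors) {
        List<String> findings = new ArrayList<>();
        if (!cors.isEnabled()) {
            return findings;
        }
        List<String> origins = orEmpty(cors.getAllowOrigins());
        List<String> patterns = orEmpty(cors.getAllowOriginPatterns());
        if (origins.isEmpty() && patterns.isEmpty()) {
            findings.add("enabled, but no origins or origin patterns set: CORS support is disabled");
        }
        if (cors.isAllowCredentials() && origins.contains("*")) {
            findings.add("allowCredentials with allowOrigins '*': not permitted, use origin patterns");
        }
        // Beyond the page's text: a bare '*' pattern matches every origin.
        if (cors.isAllowCredentials() && patterns.contains("*")) {
            findings.add("allowCredentials with origin pattern '*': every origin matches");
        }
        return findings;
    }

    private static List<String> orEmpty(List<String> values) {
        return values == null ? List.of() : values;
    }

    public static void main(String[] args) {
        // Constructed sample: wildcard origin combined with credentials.
        HttpCorsRequestProperties weak = new HttpCorsRequestProperties()
            .setEnabled(true)
            .setAllowCredentials(true)
            .setAllowOrigins(List.of("*"));
        // Constructed sample: credentials limited to subdomains of example.com.
        HttpCorsRequestProperties scoped = new HttpCorsRequestProperties()
            .setEnabled(true)
            .setAllowCredentials(true)
            .setAllowOriginPatterns(List.of("https://*.example.com"))
            .setAllowMethods(List.of("GET", "POST"))
            .setAllowHeaders(List.of("Content-Type", "Authorization"))
            .setMaxAge(600);
        System.out.println("weak:   " + audit(weak));
        System.out.println("scoped: " + audit(scoped));
    }
}
```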