Class HttpCorsRequestProperties
java.lang.Object
org.apereo.cas.configuration.model.core.web.security.HttpCorsRequestProperties
- All Implemented Interfaces:
Serializable
@RequiresModule(name="cas-server-core-web",
automated=true)
public class HttpCorsRequestProperties
extends Object
implements Serializable
This is
HttpCorsRequestProperties
.- Since:
- 5.0.0
- See Also:
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionThe Access-Control-Allow-Headers header is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.The Access-Control-Allow-Methods header specifies the method or methods allowed when accessing the resource.Comma-separated list of origin patterns to allow.The Origin header indicates the origin of the cross-site access request or preflight request.The Access-Control-Expose-Headers header lets a server accept headers that browsers are allowed to access.long
The Access-Control-Max-Age header indicates how long the results of a preflight request can be cached.boolean
The Access-Control-Allow-Credentials header Indicates whether or not the response to the request can be exposed when the credentials flag is true.boolean
Whether CORS should be enabled for http requests.setAllowCredentials
(boolean allowCredentials) The Access-Control-Allow-Credentials header Indicates whether or not the response to the request can be exposed when the credentials flag is true.setAllowHeaders
(List<String> allowHeaders) The Access-Control-Allow-Headers header is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.setAllowMethods
(List<String> allowMethods) The Access-Control-Allow-Methods header specifies the method or methods allowed when accessing the resource.setAllowOriginPatterns
(List<String> allowOriginPatterns) Comma-separated list of origin patterns to allow.setAllowOrigins
(List<String> allowOrigins) The Origin header indicates the origin of the cross-site access request or preflight request.setEnabled
(boolean enabled) Whether CORS should be enabled for http requests.setExposedHeaders
(List<String> exposedHeaders) The Access-Control-Expose-Headers header lets a server accept headers that browsers are allowed to access.setMaxAge
(long maxAge) The Access-Control-Max-Age header indicates how long the results of a preflight request can be cached.
-
Constructor Details
-
HttpCorsRequestProperties
public HttpCorsRequestProperties()
-
-
Method Details
-
isEnabled
public boolean isEnabled()Whether CORS should be enabled for http requests. -
isAllowCredentials
public boolean isAllowCredentials()The Access-Control-Allow-Credentials header Indicates whether or not the response to the request can be exposed when the credentials flag is true. When used as part of a response to a preflight request, this indicates whether or not the actual request can be made using credentials. Note that simple GET requests are not preflighted, and so if a request is made for a resource with credentials, if this header is not returned with the resource, the response is ignored by the browser and not returned to web content. -
getAllowOrigins
The Origin header indicates the origin of the cross-site access request or preflight request. The origin is a URI indicating the server from which the request initiated. When credentials are allowed, '*' cannot be used and origin patterns should be configured instead. It does not include any path information, but only the server name. -
getAllowOriginPatterns
Comma-separated list of origin patterns to allow. Unlike allowed origins which only supports*
, origin patterns are more flexible (for examplehttps://*.example.com
) and can be used when credentials are allowed. When no allowed origin patterns or allowed origins are set, CORS support is disabled. -
getAllowMethods
The Access-Control-Allow-Methods header specifies the method or methods allowed when accessing the resource. This is used in response to a pre-flight request. The conditions under which a request is pre-flighted are discussed above. Default is everything. -
getAllowHeaders
The Access-Control-Allow-Headers header is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request. Default is everything. -
getMaxAge
public long getMaxAge()The Access-Control-Max-Age header indicates how long the results of a preflight request can be cached. -
getExposedHeaders
The Access-Control-Expose-Headers header lets a server accept headers that browsers are allowed to access. -
setEnabled
Whether CORS should be enabled for http requests.- Returns:
this
.
-
setAllowCredentials
The Access-Control-Allow-Credentials header Indicates whether or not the response to the request can be exposed when the credentials flag is true. When used as part of a response to a preflight request, this indicates whether or not the actual request can be made using credentials. Note that simple GET requests are not preflighted, and so if a request is made for a resource with credentials, if this header is not returned with the resource, the response is ignored by the browser and not returned to web content.- Returns:
this
.
-
setAllowOrigins
The Origin header indicates the origin of the cross-site access request or preflight request. The origin is a URI indicating the server from which the request initiated. When credentials are allowed, '*' cannot be used and origin patterns should be configured instead. It does not include any path information, but only the server name.- Returns:
this
.
-
setAllowOriginPatterns
Comma-separated list of origin patterns to allow. Unlike allowed origins which only supports*
, origin patterns are more flexible (for examplehttps://*.example.com
) and can be used when credentials are allowed. When no allowed origin patterns or allowed origins are set, CORS support is disabled.- Returns:
this
.
-
setAllowMethods
The Access-Control-Allow-Methods header specifies the method or methods allowed when accessing the resource. This is used in response to a pre-flight request. The conditions under which a request is pre-flighted are discussed above. Default is everything.- Returns:
this
.
-
setAllowHeaders
The Access-Control-Allow-Headers header is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request. Default is everything.- Returns:
this
.
-
setMaxAge
The Access-Control-Max-Age header indicates how long the results of a preflight request can be cached.- Returns:
this
.
-
setExposedHeaders
The Access-Control-Expose-Headers header lets a server accept headers that browsers are allowed to access.- Returns:
this
.
-