CORSPolicy

Attributes

Source:: CORS.scala

Attributes

Source:: CORS.scala

Attributes

Source:: CORS.scala

def None } valsomeAllowMethodsSpecificHeader:Option[Raw]=allowMethodsmatch{ caseAllowMethods.All=> None caseAllowMethods.In(methods)=> catsSyntaxOptionId[Raw](Header.Raw.apply(Access-Control-Allow-Methods.name,methods.map[String](((_$18:Method)=>_$18.renderString)).mkString(","))).some } valmaxAgeHeader:Option[Raw]=maxAgematch{ caseMaxAge.Some(deltaSeconds)=> catsSyntaxOptionId[Raw](Header.Raw.apply(Access-Control-Max-Age.name,deltaSeconds.toString())).some caseMaxAge.Default=> None caseMaxAge.DisableCaching=> catsSyntaxOptionId[Raw](Header.Raw.apply(Access-Control-Max-Age.name,"-1")).some } valvaryHeaderNonOptions:Option[Raw]=allowOriginmatch{ caseAllowOrigin.Match(_)=> catsSyntaxOptionId[Raw](Header.Raw.apply(CIStringSyntax(_root_.scala.StringContext.apply("Vary")).ci(),Header.apply[Origin](headerInstance).name.toString)).some case_=> None } valvaryHeaderOptions:Option[Raw]={ deforigin:List[CIString]=allowOriginmatch{ caseAllowOrigin.All=> Nil caseAllowOrigin.Match(_)=> List.apply[CIString](Header.apply[Origin](headerInstance).name) } def`methods₂`:List[CIString]=allowMethodsmatch{ caseAllowMethods.All=> Nil caseAllowMethods.In(_)=> List.apply[CIString](Header.apply[Access-Control-Request-Method](headerInstance).name) } defheaders:List[CIString]=allowHeadersmatch{ case(AllowHeaders.All|AllowHeaders.Static(_))=> Nil case(AllowHeaders.In(_)|AllowHeaders.Reflect)=> List.apply[CIString](CIStringSyntax(_root_.scala.StringContext.apply("Access-Control-Request-Headers")).ci()) } origin.++[CIString](`methods₂`).++[CIString](headers)match{ caseNil=> None casenonEmpty=> catsSyntaxOptionId[Raw](Header.Raw.apply(CIStringSyntax(_root_.scala.StringContext.apply("Vary")).ci(),nonEmpty.map[String](((_$19:CIString)=>_$19.toString)).mkString(","))).some } } defdispatch(req:Request[G]):F[Response[G]]=req.headers.get[Origin](singleHeaders[Origin](headerInstance))match{ caseSome(origin)=> req.methodmatch{ caseMethod.OPTIONS=> req.headers.get[Access-Control-Request-Method](singleHeaders[Access-Control-Request-Method](headerInstance))match{ caseSome(acrm)=> val`headers₂`:Set[CIString]=req.headers.get(CIStringSyntax(_root_.scala.StringContext.apply("Access-Control-Request-Headers")).ci())match{ caseSome(acrHeaders)=> toFoldableOps[NonEmptyList,Set[CIString]](acrHeaders.map[Set[CIString]](((_$20:Raw)=>wrapRefArray[CIString](refArrayOps[String](_$20.value.split("\\s*,\\s*")).map[CIString](((_$21:String)=>CIString.apply(_$21)))(ClassTag.apply[CIString](classOf[CIString]))).toSet[CIString])))(catsDataInstancesForNonEmptyListBinCompat1).fold(catsKernelBoundedSemilatticeForSet[CIString]) caseNone=> Set.empty[CIString] } preflight(req,`origin₂`,acrm.method,`headers₂`) caseNone=> nonPreflight(req,`origin₂`) } case_=> nonPreflight(req,`origin₂`) } caseNone=> nonCors(req) } defnonPreflight(`req₂`:Request[G],`origin₃`:Origin):F[Response[G]]={ valbuff:Builder[Raw,List[Raw]]=List.newBuilder[Header.Raw] allowOriginHeader(`origin₃`).map[Builder[Raw,List[Raw]]](((allowOrigin:Raw)=>{ buff.+=(allowOrigin) allowCredentialsHeader.foreach[Builder[Raw,List[Raw]]](((elem:Raw)=>buff.+=(elem))) exposeHeadersHeader.foreach[Builder[Raw,List[Raw]]](((`elem₂`:Raw)=>buff.+=(`elem₂`))) buff })) toFunctorOps[F,Response[G]](toFunctorOps[F,Response[G]](http.apply(`req₂`))(evidence$6).map[Response[G]](((_$22:Response[G])=>_$22.putHeaders(buff.result().map[ToRaw&Primitive](((h:Raw)=>Header.ToRaw.rawToRaw(h))):_*))))(evidence$6).map[Response[G]](((resp:Response[G])=>varyHeader(`req₂`.method)(resp))) } defpreflight(`req₃`:Request[G],`origin₄`:Origin,method:Method,`headers₃`:Set[CIString]):F[Response[G]]={ val`buff₂`:Builder[Raw,List[Raw]]=List.newBuilder[Header.Raw] catsSyntaxTuple3Semigroupal[Option,Raw,Raw,Raw](Tuple3.apply[Option[Raw],Option[Raw],Option[Raw]](allowOriginHeader(`origin₄`),allowMethodsHeader(method),allowHeadersHeader(`headers₃`))).mapN[Unit](((x$1:Raw,x$2:Raw,x$3:Raw)=>Tuple3.apply[Raw,Raw,Raw](x$1,x$2,x$3)match{ caseTuple3(allowOrigin,allowMethods,allowHeaders)=> `buff₂`.+=(`allowOrigin₂`) allowCredentialsHeader.foreach[Builder[Raw,List[Raw]]](((`elem₃`:Raw)=>`buff₂`.+=(`elem₃`))) `buff₂`.+=(allowMethods) `buff₂`.+=(allowHeaders) maxAgeHeader.foreach[Builder[Raw,List[Raw]]](((`elem₄`:Raw)=>`buff₂`.+=(`elem₄`))) }))(catsInstancesForOption,catsSemigroupalForOption) toFunctorOps[F,Response[G]](toFunctorOps[F,Response[G]](preflightResponder.apply(`req₃`))(evidence$6).map[Response[G]](((_$23:Response[G])=>_$23.putHeaders(`buff₂`.result().map[ToRaw&Primitive](((`h₂`:Raw)=>Header.ToRaw.rawToRaw(`h₂`))):_*))))(evidence$6).map[Response[G]]({ valmethod$1:Method=Method.OPTIONS ((`resp₂`:Response[G])=>varyHeader(method$1)(`resp₂`)) }) } defnonCors(`req₄`:Request[G]):F[Response[G]]=toFunctorOps[F,Response[G]](http.apply(`req₄`))(evidence$6).map[Response[G]](((`resp₃`:Response[G])=>varyHeader(`req₄`.method)(`resp₃`))) defallowOriginHeader(`origin₅`:Origin):Option[Raw]=allowOriginmatch{ caseAllowOrigin.All=> CommonHeaders.someAllowOriginWildcard caseAllowOrigin.Match(p)=> if(p.apply(`origin₅`))catsSyntaxOptionId[Raw](Header.Raw.apply(CIStringSyntax(_root_.scala.StringContext.apply("Access-Control-Allow-Origin")).ci(),http4sHeaderSyntax[Origin](`origin₅`)(headerInstance).value)).someelseNone } defallowMethodsHeader(`method₂`:Method):Option[Raw]=allowMethodsmatch{ caseAllowMethods.All=> if(allowCredentials.==(AllowCredentials.Deny).||(catsSyntaxEq[Method](`method₂`)(catsInstancesForHttp4sMethod).===(wildcardMethod)))CommonHeaders.someAllowMethodsWildcardelseNone caseAllowMethods.In(methods)=> if(`methods₃`.contains(`method₂`))someAllowMethodsSpecificHeaderelseNone } defsomeAllowHeadersHeader(`headers₄`:Set[CIString]):Option[Raw]=catsSyntaxOptionId[Raw](Header.Raw.apply(Header.apply[Access-Control-Allow-Headers](headerInstance).name,`headers₄`.map[String](((_$24:CIString)=>_$24.toString)).mkString(","))).some defallowHeadersHeader(requestHeaders:Set[CIString]):Option[Raw]=allowHeadersmatch{ caseAllowHeaders.All=> if(allowCredentials.==(AllowCredentials.Deny).||(catsSyntaxEq[Set[CIString]](requestHeaders)(catsKernelPartialOrderForSet[CIString]).===(wildcardHeadersSet)))CommonHeaders.someAllowHeadersWildcardelseNone caseAllowHeaders.Static(allowedHeaders)=> someAllowHeadersHeader(allowedHeaders) caseAllowHeaders.In(allowedHeaders)=> if(requestHeaders.--(`allowedHeaders₂`).isEmpty)someAllowHeadersHeader(`allowedHeaders₂`)elseNone caseAllowHeaders.Reflect=> someAllowHeadersHeader(requestHeaders) } defvaryHeader(`method₃`:Method)(`resp₄`:Response[G]):Self=(`method₃`match{ caseMethod.OPTIONS=> varyHeaderOptions case_=> varyHeaderNonOptions })match{ caseSome(vary)=> `resp₄`.putHeaders(`resp₄`.headers.get(CIStringSyntax(_root_.scala.StringContext.apply("Vary")).ci())match{ caseNone=> rawToRaw(vary) caseSome(oldVary)=> rawToRaw(Header.Raw.apply(CIStringSyntax(_root_.scala.StringContext.apply("Vary")).ci(),oldVary.map[String](((_$25:Raw)=>_$25.value)).toList.mkString(",").+(",").+(vary.value))) }) caseNone=> `resp₄` } if(allowOrigin.==(AllowOrigin.All).&&(allowCredentials.==(AllowCredentials.Allow))){ logger.warn("CORSdisabledduetoinsecureconfigprohibitedbyspec.CallwithCredentials(false)toavoidsharingcredential-taintedresponseswitharbitraryorigins,orcallwithAllowOrigin*methodtobeexplicitwhoyoutrustwithcredential-taintedresponses.").unsafeRunSync() http }elseKleisli.apply[F,Request[G],Response[G]](((`req₅`:Request[G])=>dispatch(`req₅`))) }" t="n"class="documentableName ">impl[F[_] : Functor, G[_]](http: Http[F, G], preflightResponder: Http[F, G]): Http[F, G]

Attributes

Source:: CORS.scala

Allow credentials. Sends an Access-Control-Allow-Credentials: * on valid CORS requests if true, and omits the header if false.

For security purposes, it is an invalid per the Fetch Living Standard that defines CORS to set this to true when any origin is allowed.

Attributes

Source:: CORS.scala

Allows CORS requests with any headers if credentials are not allowed. If credentials are allowed, allows requests with a literal header name of *, which is almost certainly not what you mean, but per spec.

Sends an Access-Control-Allow-Headers: * header on valid CORS preflight requests.

Attributes

Source:: CORS.scala

Allows CORS requests whose request headers are a subset of the headers enumerated here, or are CORS-safelisted.

If preflight requests send an Access-Control-Request-Headers header, its value must be a subset of those passed here.

Sends an Access-Control-Allow-Headers header with the specified headers on valid CORS preflight requests.

Attributes

Source:: CORS.scala

Reflects the Access-Control-Request-Headers back as Access-Control-Allow-Headers on preflight requests. This is most useful when credentials are allowed and a wildcard for Access-Control-Allow-Headers would be treated literally.

Sends an Access-Control-Allow-Headers header with the specified headers on valid CORS preflight requests.

Attributes

Source:: CORS.scala

Returns a static value in Access-Control-Allow-Headers on preflight requests consisting of the supplied headers.

Sends an Access-Control-Allow-Headers header with the specified headers on valid CORS preflight requests.

Attributes

Source:: CORS.scala

Allows CORS requests with any method if credentials are not allowed. If credentials are allowed, allows requests with a literal method of *, which is almost certainly not what you mean, but per spec.

Sends an Access-Control-Allow-Headers: * header on valid CORS preflight requests.

Attributes

Source:: CORS.scala

Allows CORS requests with any of the specified methods allowed.

Preflight requests must send a matching Access-Control-Request-Method header to receive a CORS response.

Sends an Access-Control-Allow-Headers header with the specified headers on valid CORS preflight requests.

Attributes

Source:: CORS.scala

Allow CORS requests from any origin with an Access-Control-Allow-Origin of *.

Attributes

Source:: CORS.scala

Allow requests from any origin matching the predicate p. On matching requests, the request origin is reflected as the Access-Control-Allow-Origin header.

The Origin header contains some arcane settings, like multiple origins, or a null origin. withAllowOriginHost is generally more convenient.

Attributes

Source:: CORS.scala

Allow requests from any origin host matching the predicate p. The origin host is the first value in the request's Origin header, if not null header, unless it is null. Examples:

Origin: http://www.example.com => http://www.example.com
Origin: http://www.example.com, http://example.net => http://www.example.com
Origin: null => always false

A Set[Origin.Host] is often a good choice here, but a predicate is offered to support more advanced matching.

Attributes

Source:: CORS.scala

Allow requests from any origin host whose case-insensitive rendering matches predicate p. A concession to the fact that constructing org.http4s.headers.Origin.Host values is verbose.

Attributes

See also:: withAllowOriginHost
Source:: CORS.scala

Exposes all response headers to the origin.

Sends an Access-Control-Expose-Headers: * header on valid CORS non-preflight requests.

Attributes

Source:: CORS.scala

Exposes specific response headers to the origin. These are in addition to CORS-safelisted response headers.

Sends an Access-Control-Expose-Headers header with names as a comma-delimited string on valid CORS non-preflight requests.

Attributes

Source:: CORS.scala

Exposes no response headers to the origin beyond the CORS-safelisted response headers.

Sends an Access-Control-Expose-Headers header with names as a comma-delimited string on valid CORS non-preflight requests.

Attributes

Source:: CORS.scala

Sets the duration the results can be cached. The duration is truncated to seconds. A negative value results in a cache duration of zero.

Sends an Access-Control-Max-Age header with the duration in seconds on preflight requests.

Attributes

Source:: CORS.scala

Sets the duration the results can be cached to the user agent's default. This suppresses the Access-Control-Max-Age header.

Attributes

Source:: CORS.scala

Instructs the client to not cache any preflight results.

Sends an Access-Control-Max-Age: -1 header

Attributes

Source:: CORS.scala

CORSPolicy

Attributes

Members list

Value members

Concrete methods

Attributes

Attributes

Attributes

Attributes

Attributes

Attributes

Attributes

Attributes

Attributes

Attributes

Attributes

Attributes

Attributes

Attributes

Attributes

Attributes

Attributes

Attributes

Attributes

Attributes

Attributes