@Target(value={METHOD,TYPE})
@Retention(value=RUNTIME)
@Documented
public @interface CrossOrigin
By default, all origins and headers are permitted.
Modifier and Type | Fields and Description |
---|---|
static boolean |
DEFAULT_ALLOW_CREDENTIALS |
static java.lang.String[] |
DEFAULT_ALLOWED_HEADERS |
static long |
DEFAULT_MAX_AGE |
static java.lang.String[] |
DEFAULT_ORIGINS |
Modifier and Type | Optional Element and Description |
---|---|
java.lang.String |
allowCredentials
Whether the browser should include any cookies associated with the
domain of the request being annotated.
|
java.lang.String[] |
allowedHeaders
List of request headers that can be used during the actual request.
|
java.lang.String[] |
exposedHeaders
List of response headers that the user-agent will allow the client to access.
|
long |
maxAge
The maximum age (in seconds) of the cache duration for pre-flight responses.
|
RequestMethod[] |
methods
List of supported HTTP request methods, e.g.
|
java.lang.String[] |
origins
List of allowed origins, e.g.
|
java.lang.String[] |
value
Alias for
origins() . |
@AliasFor(value="value") public abstract java.lang.String[] origins
"http://domain1.com"
.
These values are placed in the Access-Control-Allow-Origin
header of both the pre-flight response and the actual response.
"*"
means that all origins are allowed.
If undefined, all origins are allowed.
value()
public abstract java.lang.String[] allowedHeaders
This property controls the value of the pre-flight response's
Access-Control-Allow-Headers
header.
"*"
means that all headers requested by the client are allowed.
If undefined, all requested headers are allowed.
public abstract java.lang.String[] exposedHeaders
This property controls the value of actual response's
Access-Control-Expose-Headers
header.
If undefined, an empty exposed header list is used.
public abstract RequestMethod[] methods
"{RequestMethod.GET, RequestMethod.POST}"
.
Methods specified here override those specified via RequestMapping
.
If undefined, methods defined by RequestMapping
annotation
are used.
public abstract java.lang.String allowCredentials
Set to "false"
if such cookies should not included.
An empty string (""
) means undefined.
"true"
means that the pre-flight response will include the header
Access-Control-Allow-Credentials=true
.
If undefined, credentials are allowed.
public abstract long maxAge
This property controls the value of the Access-Control-Max-Age
header in the pre-flight response.
Setting this to a reasonable value can reduce the number of pre-flight request/response interactions required by the browser. A negative value means undefined.
If undefined, max age is set to 1800
seconds (i.e., 30 minutes).